
Over 700M EA user accounts exposed by critical account system flaw


Cybernews reports that major U.S. video game company Electronic Arts had more than 700 million user accounts leaked as a result of a critical vulnerability impacting its account system, which could have been exploited to facilitate username and game data exfiltration, as well as unauthorized account logins.

The extensive account exposure, caused by a misconfigured API, was discovered by game developer and ethical hacker Sean Kahler using a privileged access token for a developer testing environment, which was obtained after hardcoded credentials were identified in a game's executable. Kahler reported the issue to EA in June, but patches were only issued between July and October. "Given the severity, it's a bit strange how long it took EA to get fixes out. Their original estimation was that it wouldn't be done until the end of the year despite this being a simple case of exposed documentation and a single insecure endpoint. I understand it's more complicated than that internally, but a quick patch to fix the crux of the problem would've been prudent," said Kahler.
