EA Reportedly Ignored Vulnerabilities Prior To Being Hacked
As many of you may know by now, Electronic Arts was hacked not long ago and many have wondered how hackers managed to breach the security of such a large corporation. Some new details have arise and it’s more surprising than anything else.
EA Ignored Vulnerabilities Prior To Being Hacked
Recently, Electronic Arts was reportedly hacked to the surprise of many people, apparently even the company itself. However, it may not be that big of a surprise after all as apparently, the publisher was warned about its domain vulnerabilities and they chose to ignore it instead.
It was reported that Israeli cybersecurity agency Cyberpion informed the publisher about 6 vulnerabilities at least, including login pages connected via HTTP instead of HTTPS and over 500 DNS misconfigurations within their domains. To prove their point, Cyberpion even simulated an attack based on those same vulnerabilities in December 2020.
In case you thought it fell on deaf ears, EA reportedly acknowledged the details given but simply mentioned that they will contact them if they have any questions but nothing else happened. The publisher claimed that the cybersecurity agency wanted a sales meeting to “show off their techniques” and that they didn’t follow their product security vulnerability disclosure process.
Given that the company has some major games in the pipeline, this, along with issues in other games like servers in Apex Legends, doesn’t exactly instill confidence in them. Hopefully, they manage to get something done in time for Battlefield 2042’s release at least.
Pokdepinion: Sounds like they’re trying to shrug it off and not take the blame, if you ask me. I just hope they at least did something by now to improve it, otherwise this is gonna go from bad to worse in a flash.