There’s a bug in EA’s Origin client that could allow unauthorised access

2 min read
9

Origin

[Update EA has since confirmed that the bug has been fixed.]

An EA spokesperson confirmed that fixes were rolled out earlier this month and that the company had not seen evidence of any unauthorised users having accessed subscriber’s data.

[Original article as follows]

EA’s Origin client is probably one of the least favourite third-party launchers that PC gamers have to put up with. It’s biggest saving grace is that at least it’s not uPlay. Jokes aside, it’s not a very good client, and a recently discovered security vulnerability makes it a little worse.

The bug was discovered by a security researcher calling themselves Beard.

Speaking to ZDNet, he clarified how the bug works.

“The bug occurs when you use the EA Origin client but request to edit your account on EA.com,” he said. “The EA Origin client will spit out an auto-login URL, in which the token is basically the equivalent of your active username and password.”

Unfortunately, that Auto-login URL doesn’t cross-check with IP, so if anybody were to get hold of that URL, it could be used to initiate a login. That means a dodgy bit of malware, a man-in-the-middle attack or an insecure router and your EA Origin account could be comprised.

“If you’re on an unsecured network or WiFi hotspot; like at a cafe or hotel, someone can easily grab these token auto-login URLs and basically log in as the end user who requested these token links,” Beard said.

With the information – real name, the last four digits of his credit card, the last digits of his phone number, order history etc – attackers could initiate ID theft. They could also theoretically lock players out of the Origin accounts, buy games with existing card information, and then resell those accounts with the games in tow.

According to Beard, EA is now aware of the bug, and a fix is in the works.

Last Updated: November 20, 2018

Check Also

NYCC Trailer Round-up: All the new shows we didn’t quite get to

This past weekend saw a host of exciting new trailers released from New York's Comic-Con e…