Researchers have discovered a chain of flaws in EA Games' login process that could allow an attacker to take over the accounts of any or multiple EA gamers -- and there are 300 million of these around the globe. Stolen gaming credentials are valuable and frequently sold on the internet.
The flaws were discovered in EA's Origin platform and worked into a proof of concept by Check Point Research and Cyberint (PDF) researchers.
Cyberint and Check Point responsibly disclosed their findings to EA Games, and worked with the company to help fix the flaws and roll out an update before any threat actor could exploit them. EA responded rapidly, and the vulnerabilities have now been fixed. The researchers believe that the vulnerabilities have never been exploited. Nevertheless, they urge gamers to use two-factor authentication wherever possible.