Thursday, March 20, 2014

One of EA Server hacked , then setup for Phishing



How - The regular boring stuff:

Missing Patches

Oh, they previously chad a breach in 2011.


According to the article:- 

The server hosted an outdated calendar that had several vulnerabilities and was likely the way the hackers got into the system to set up the phishing page.


"The phishing site attempts to trick a victim into submitting his Apple ID and password," Netcraft wrote in a blog post. "It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID Web site."

The links below has more information:


No comments:

Post a Comment