Monday, 14 September 2015 10:25

Concerns about an EA Origin Breach Pop Up After a Round of Password Reset Emails Go Out

There are rumblings on the internet that all might not be well with EA after a round of password reset notices appears to have been sent out on Sunday (8-13-2015). EA does not give a specific reason for the reset notifications other than suspicious activity. However, the timing seems to correlate with an authentication exploit that has been talked about on the darker side of the internet. The claim is that a group has been silently exploiting EA’s authentication servers for months. It is far from certain that EA has suffered a large-scale breach, but it does bring up the subject of authentication server security.

EA, Steam, Blizzard, and many other online gaming services have suffered from this type of breach in the past, and such breaches can be very hard to track down and stop. After all, if you can compromise the authentication server you are getting past the gatekeeper and can eventually get deeper access, depending on the type of attack. The way authentication servers work is simple: you connect to an edge system that queries a database. If the information you type in matches the information stored in the database, you are allowed in.

You can add layers of security to this system, including an extra authenticating identifier, but for the most part authentication is a fairly straightforward process. It is this simplicity, combined with the high value of the data behind the servers, that makes them such targets. Things get even more concerning when you start adding in all of the compromised encryption technologies. In the last year we have seen SSL 3.0 and TLS 1.0 compromised, and TLS 1.1 seems to be next on the list. This is not even getting into the actual ciphers that should not be used. It is becoming more and more difficult to build and maintain a safe environment for cloud users to work in.

In a more controlled system (like a corporate network) you can drop in a network access policy server. This type of server can scan a connecting system for malware, secondary connections, and so on, to help prevent a compromised user system from becoming an attack point. Sadly, in public cloud services this becomes more difficult, if not impossible, for legal and administrative reasons.

As things stand right now, we have heard of around 20 notifications that all went out on Sunday, which is what started some of the talk about a possible breach. We do not know if this is a localized issue or something much larger, and our email to EA had not been answered at the time of publication. We do hope that this incident is something less serious than a full breach of EA’s systems, but even the alternatives are not really “good”.

We will keep you up to date as we get more information.
