An Electronic Arts website was hacked in a phishing scheme aimed at the acquisition of Apple IDs and credit card numbers, security researchers reported Wednesday. Security vulnerabilities in a calendar application are probably what enabled attackers to compromise an EA server and create a phishing site designed to look like an Apple login page, said researchers at Netcraft, a U.K.-based security services company, in a blog post.
Hold onto your Apple ID credentials and don’t enter them anywhere unless you’re 100 percent certain that a) it’s necessary, and b) legitimate. That’s today’s security lesson, courtesy of a very convincing Apple ID login screen hosted on game publisher Electronic Arts’ website that was used to steal credentials. The first question a user stumbling across the site above should ask themselves is: “Why is EA.com asking me for my Apple ID?” According to Paul Mutton at security research firm Netcraft the compromised server was used by two websites in the ea.com domain ordinarily used to host an online calendar.