EA ignored domain vulnerabilities for months despite warnings and breaches
New information has emerged that gaming giant Electronic Arts (EA) ignored warnings from cybersecurity researchers in December 2020 that its platform contained multiple vulnerabilities that left the company’s network severely exposed to attackers. Researchers at Israeli cybersecurity firm Cyberpion say they approached EA late last year to inform the company of multiple domains that were susceptible to takeover, as well as misconfigured domains and DNS records. Even after providing details and a proof of concept, Cyberpion found that EA did nothing to address the issues.
Cyberpion co-founder Ori Engelberg stated that EA responded to the messages by acknowledging receipt of the vulnerability information and saying it would reach out if it had additional questions. However, Cyberpion says it never heard from the company again. Attackers using the stolen domains could subject EA to a data breach or other attack. EA faced backlash last week after it was revealed that a chain of vulnerabilities left customers’ EA accounts vulnerable to takeovers and data breaches.