Things seem to be going from bad to worse for EA at the moment. Set against the backdrop of a high profile resignation and multiple attacks on the media, the company seemed to have started to try and turn things around with a largely positive reception to their compensatory game for SimCity owners.
While large numbers of their customers are still feeling a little hurt over those SimCity launch week issues, a decent sale (50% of lots at the moment) and the offer of a free game in compensation seemed to set things at least facing the right direction for EA’s much criticised game store and launching portal. Now, Origin seems to be beset with another problem – it’s been hacked.
The BBC is reporting that the hack – tested in laboratory conditions but not yet believed to be publicly exploited – can be used to run malicious code on a target machine. It revolves around the way Origin links to the games that a user has purchased. The links, used to run installed games, work with a web syntax that can be redirected to install malicious code from the internet and run it on a user’s machine.
There’s no evidence at all that this has ever been used outside of the research setting at RiVuln, the security company who discovered it. It’s also important to note that some personal information about the user is required to make the exploit work – although Origin doesn’t prevent repeated attempts at guessing this information so that step is made a little easier for would-be attackers.
Hopefully, the publication of this study will prompt EA to address the security loophole sooner rather than later. In the meantime, it’s sensible to use unique passwords for every service and website you register with and never give up personal information to any dubious looking source.