While hackers are looking for new ways to steal a user’s private data, the traditional method of hacking a famous website still seems to be working for these guys. The latest victim to such hacking was one of EA’s website, wherein these hackers tried to collect user’s Apple credentials by popping up a fake Apple login ID page.
The fake Apple page was spotted on one of EA’s subdomains and looked exactly like the original Apple login page. In fact, everything was so similar that even those who have seen the actual page plenty of times will have a hard time spotting the difference. Further, given that this was on a respectable website like EA, users could have easily been deceived.
The issue was first detected by a security firm called Netcraft. The Apple page which appeared on the website first asked the reader to log into his/ her Apple account. This would have compromised their Apple login ID and password. But the hackers didn’t stop there. After putting in the details, a new page would pop up which asked the reader to put in private details like Full Name, Card Number, Expiration Date, Phone Number, Mother’s maiden name etc. Naturally, these essential details would be valuable for a fraudster, and can even be used to clone the reader’s iDevice.
According to the firm, these hackers were able to exploit a bug on one of EA’s servers hosting a calendar app. The app was reportedly installed back in 2008 and hackers were able to put up the fake Apple page by using this outdated app server.
The hack was first detected a day ago by the firm and it reported the matter to EA immediately. According, to the company, the issue has been solved and hackers will no longer be able exploit the bug.
“We found it, we have isolated it, and we are making sure such attempts are no longer possible,” said a company’s spokesperson to Verge.
Netcraft also added that they have added the page to the blocked list. The list is used by anti-virus softwares and major web browsers, which means even if a user stumbles upon the page, the web browser will warn him.
Users are advised not to put in their Apple login details on websites where it’s not necessary. There’s no reason for any website to ask for Apple Credentials, especially when they are not related to the company, so users should make sure they are cautious with these details.
For comments and suggestions, leave a message in the comments section below. Like and Follow our Facebook page for more stories and to stay up-to-date with the latest happenings.