A security flaw discovered within EA Origin earlier this year left around 300 million people exposed to hackers. It has subsequently been fixed.
Online security is a hotter topic now than ever before, as more of our lives are unfolding online. Even those who actively try to leave as small a digital footprint as possible will have been forced to enter personal data online. Others post anything and everything on social media, and have entered their financial details into more websites than they could ever remember.
The gaming world is obviously no stranger to things shifting from analog to digital either. Almost every title has some sort of online element to it, whether that be a multiplayer aspect or downloadable content. If you're anything like us, you have probably blindly told countless developers your details without really thinking about it.
That's why news of a security flaw within EA Origin picked up earlier this year is incredibly worrying. The flaw left 300 million EA account holders exposed to hackers, reports CNET. Security researchers Check Point and CyberInt discovered the flaw and informed EA of its existence back in February of this year. It has since been fixed and patched, so there's currently no need to worry.
The flaw allowed potential hackers to steal an account's authorization token. An authorization token is similar to a password, but users don't need to create them. Services generate them and it's what they use to keep users logged in should they choose not to insert their username and password every time they want to use the service. It is a feature that is used by a large majority of players, hence the 300 million accounts at risk. The security researchers took control of an inactive EA sub-domain and were able to obtain the authorization tokens of all EA Origin users.
After doing so, the researchers alerted EA to the flaw so that the developers could fix it. It took EA three weeks, and while that process was carried out, the researchers who discovered it kept control of the domain in order to protect it from potential hackers. As far as we know, the issue was fixed back in March.