Researchers from Check Point in collaboration with CyberInt, discovered a new security vulnerability in the Origin gaming client developed by Electronic Arts. The researchers found that the vulnerabilities could have led to identity theft or account takeovers.

What made the Origin exploit particularly dangerous was the fact that it didn’t require user intervention to hand over login information like logins or passcodes. The vulnerabilities found on EA’s gaming platform allowed attackers to steal tokens associated with OAuth SSO (Single Sign-On) and TRUST mechanisms built into EA Games’ user login process.

Check Point and CyberInt disclosed their findings to EA to fix the vulnerabilities and roll out an update before it could be exploited.

Adrian Stone, Senior Director, Game and Platform Security at Electronic Arts, said; “Protecting our players is our priority. As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues. Working together under the tenet of Coordinated Vulnerability Disclosure strengthens our relationships with the wider cybersecurity community and is a key part of ensuring our players stay secure.”

The two cybersecurity firms also advised Origin users to activate two-factor authentication and only use official websites when purchasing or downloading games. The prompt action of the two firms gave EA enough time to address the issues before going public with their findings.

Oded Vanunu, Head of Products Vulnerability Research at Check Point, said; “EA’s Origin platform is hugely popular; and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts. Along with the vulnerabilities we recently found in the platforms used by Epic Games for Fortnite, this shows how susceptible online and cloud applications are to attacks and breaches.”

Check Point and CyberInt have also urged gamers to be vigilant when receiving links sent from unknown sources.