Cyber Incident Victim: Electronic Arts Inc.

On March 19, 2014, security firm Netcraft identified a breach of an Electronic Arts (EA) server that had been repurposed by hackers to host a fraudulent Apple ID phishing page. Attackers compromised an outdated calendar application hosted on EA’s infrastructure, exploiting unspecified vulnerabilities to gain unauthorized access. The compromised server displayed a counterfeit Apple login interface designed to harvest user credentials. Victims were first prompted to submit their Apple ID and password, then redirected to a secondary form requesting extensive personal and financial details, including full name, credit card number, expiration date, CVV, date of birth, phone number, and mother’s maiden name. After submitting this information, users were forwarded to Apple’s legitimate website, potentially obscuring the theft. Netcraft notified EA of the breach on Tuesday, March 18, and by Wednesday, March 19, EA confirmed the phishing page had been removed. The company stated the server hosted no customer data, limiting direct exposure of EA user information, though the phishing operation targeted Apple ID holders indiscriminately.

EA spokesperson John Reseburg acknowledged the incident, confirming the company had identified and isolated the compromised system to prevent further exploitation. Reseburg emphasized that privacy and security were "of the utmost importance" to EA, though no specifics regarding the technical remediation were disclosed. Historical context indicates EA had previously experienced server breaches, including a 2011 intrusion affecting its BioWare Neverwinter Nights forum, which resulted in customer data theft, and an earlier attack disrupting its online Scrabble game. The 2014 phishing incident did not involve malware distribution or prolonged unauthorized access, as EA contained the threat within a day of notification. No public statements from Apple regarding the phishing campaign or its impact on users were referenced in the report.