The gaming company EA has fixed a security flaw that let hackers use one of its servers to stage a phishing scam to trick victims into revealing their Apple IDs. Hackers used known issues in a years-old version of a Web calendar module as their hook into EA's servers.
EA patches server, blocks Apple ID phishing scam
EA updated the Web calendar module overnight, according to the BBC, and is now saying the hackers have been stopped from using its servers. "We found it, we have isolated it, and we are making sure such attempts are no longer possible," the company said in a statement.
The hackers gained access to EA's server through a 2008 version of WebCalendar that hadn't been updated. Once in, they set up a phishing scam designed to trick victims into giving up their Apple ID user name and password, as well as other pieces of personal information that could be used for identity theft.
If you suspect that your personal information, site logins, or other data may have been taken in a phishing scam, check out the Federal Trade Commission's website on dealing with identity theft.