Here are more details from the source’s report:
“The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster. After submitting these details, the victim is redirected to the legitimate Apple ID website at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/
The compromised server is hosted within EA’s own network. Compromised internet-visible servers are often used as “stepping stones†to attack internal servers and access data which would otherwise be invisible to the internet, although there is no obvious outward facing evidence to suggest that this has happened.â€
They say that the hacker gained access inside EA’s servers through installation and execution of PHP arbitrary scripts. So it’s possible that the hacker is able to gain access to the contents from the user calendars, along with data and source code stores on servers.
The Verge has the following statement from EA:
“Privacy and security are of the utmost importance to us, and we are currently investigating this report,†an EA spokesperson writes in an email to The Verge. The fake page was said to still be live this morning; as of this afternoon, EA said that it had disabled any fake websites that it may have found. “We’ve taken immediate steps to disable any attempts to misuse EA domains,†a spokesperson said. Nonetheless, EA said that it had yet to confirm the “underlying claims†made by the security researchers.â€
Apple and its users has been a frequent target of hackers, with more than 500 million registered accounts and more. The company managed to avoid major incidents, apart from developer site being hacked last year.
