Bitglass Security Spotlight: EA Origin Leaves the Data of 300 Million Accounts Exposed


This post was originally published here by Will Houcheime.

Here are the top cybersecurity stories of recent weeks:  

  • EA Origin leaves the data of 300 million accounts exposed
  • Health insurance marketing website leaks information of 5 million people
  • Data breach impacts cloud solution provider, PCM Inc.
  • Silexbot malware targets IoT devices
  • Orvibo leaks customer data and passwords

EA Origin Leaves the Data of 300 Million Accounts Exposed

Researchers from Check Point and CyberInt recently found a vulnerability in EA Origin, a gaming server that hosts millions of players online. The discovery shows that up to 300 million gamers had their personally identifiable information (PII) exposed on popular games such as Madden, Battlefield, FIFA, NBA Live, and more. The flaw enables hackers to exploit gaming accounts without compromising login credentials. Researchers reported that they were able to take control of an EA subdomain, which was used to lure online players into thinking that it was a secure webpage. The page would then use embedded code to steal access tokens for easy entry into online accounts.

Health Insurance Marketing Website Leaks Information of 5 Million People

An unsecured MongoDB server belonging to a health insurance marketing website was recently discovered. The website had the protected health information (PHI) of 5 million individuals stored on the exposed server. The website, which is owned by TZ Insurance Solutions, helps individuals find the right Medigap insurance plan, a form of private health insurance. In order to receive a quote, individuals have to fill out a form with their health information. Personally identifiable information (PII), including full names, postal addresses, email addresses, dates of birth, and IP addresses, was also found on the MongoDB server. Diachenko has emphasized the potential risks that this exposure can lead to, as victims affected by this data leak can be exposed to further damages.

Data Breach Impacts Cloud Solution Provider, PCM Inc. 

PCM Inc., a cloud solution provider, had its email and file sharing systems compromised by hackers. Sources report that the data breach allowed hackers to steal administrative credentials used by PCM to monitor client accounts within Office 365. Security experts claim that the culprit’s motive was to steal the information in order to conduct gift card fraud at retailers and financial institutions. Researchers report that similar incidents have occurred in the past, such as when Indian IT firm Wipro fell victim to hackers harvesting gift card information. Currently, it is unclear if the PCM breach was done by the same hackers, but it seems that gift cards were their primary targets.

Silexbot Malware Targets IoT Devices 

A new malware named ‘Silexbot’ has surfaced, targeting Internet of Things (IoT) devices. The malware, supposedly belonging to a teenager in Europe, has been deployed onto many endpoints in hopes of blocking access by other malware families. The bot is being injected into devices that still use default credentials; it rewrites the code of each device and blocks it from being used properly. Researchers are claiming that once the malware has penetrated a device, it has the ability to delete network configurations. Many researchers are reporting that the owner’s intentions are not retaliatory, and that the purpose of the malware is to stop infection by other botnets.

Orvibo Leaks Customer Data and Passwords

Orvibo, a Chinese smart home management manufacturer, has left customer information exposed on an ElasticSearch server without a password. The SmartMate, which manages smart applications, is run by Orvibo, which also produces smart cameras, light bulbs, thermostats, and HVAC systems. The misconfiguration of one of Orvibo’s servers is what ultimately led to the exposure of the data. Personally identifiable information (PII), including email addresses, IP addresses, usernames, and hashed passwords, was found on the server. In some cases, precise geolocation and device schedule operation were also disclosed. Security researchers Noam Rotem and Ran Locar have asked for assistance in notifying Orvibo about the discovery of the server, but it seems that since the server is still available, Orvibo has not taken any precautions to shut it down.

