Vulnerability Lab researchers find another important security flaw

Feb 7, 2012 08:55 GMT

Sebastian Lodtke, a researcher from the Vulnerability Lab, identified a cross-site scripting (XSS) vulnerability in the public website of the American video game developer, marketer, and publisher Electronic Arts (EA).

The non-persistent security hole could have allowed a remote attacker to hijack customer sessions with the aid of some social engineering techniques.

Successful exploitation of this weakness may have resulted not only in session hijacking, but also in client-side phishing and even account theft.

EA was first notified of the issues just before Christmas in 2011 and then again on two other occasions. Sometime between February 2 and February 6, 2012, the vendor responded and patched up the flaws.

It appears that EA is having a hard time keeping its online assets secure: last week, hackers managed to breach and deface its official forum.