EA's online game store Origin has been hacked to run malicious code.

The exploit was discovered by third-party security company ReVuln while running tests on the software.

It allows a malicious user to swap links that launch already-downloaded games with those for alternatives.

There's no evidence the loophole has yet been identified or exploited by anyone else, BBC News reported.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma wrote in a paper identifying the issue.


"In other words, an attacker can craft a malicious internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

ReVuln has published a more detailed explanation of how someone could manipulate the code, along with information on what EA should do to combat it.

In the meantime, players can avoid the issue by launching Origin games directly through the service, rather than letting them load via desktop shortcuts.

EA has said it is "investigating" the vulnerability.

News of the security thread comes at a torrid time for EA. Company boss John Riccitiello announced his departure last night after weaker-than-expected financial results and a fortnight of embarrassment surrounding the launch of SimCity.

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. For more information, go here.

Jump to comments (49)

About the author

Tom Phillips

Tom Phillips

News Editor

Tom is Eurogamer's news editor. He writes lots of news, some of the puns and all the stealth Destiny articles.

More articles by Tom Phillips