“The bug occurs when you use the EA Origin client but request to edit your account on EA.com,” he said. “The EA Origin client will spit out an auto-login URL, in which the token is basically the equivalent of your active username and password.”
The Auto-Login URL feature was not tied to your specific IP address and allowed anyone access to accounts’ settings panels.
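The missing control described above, as an added example that is not EA's code: an auto-login token whose HMAC covers the requesting client's IP address, so a copied URL fails when presented from elsewhere. The function names, the 60-second lifetime and the single-use nonce are assumptions for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

SECRET = secrets.token_bytes(32)  # server-side signing key (hypothetical)
TTL_SECONDS = 60                  # assumed short lifetime for a login hand-off
_used_nonces = set()              # in-memory replay store; a real service needs shared storage


def _sign(account, client_ip, expires, nonce):
    # JSON encoding keeps field boundaries unambiguous inside the MAC input.
    msg = json.dumps([account, client_ip, expires, nonce]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(account, client_ip, now=None):
    """Create a token for the auto-login URL, bound to the requesting IP."""
    now = time.time() if now is None else now
    expires = int(now) + TTL_SECONDS
    nonce = secrets.token_urlsafe(16)
    return f"{account}.{expires}.{nonce}.{_sign(account, client_ip, expires, nonce)}"


def redeem_token(token, client_ip, now=None):
    """Return the account name if the token is valid for this client, else None."""
    now = time.time() if now is None else now
    try:
        account, expires, nonce, mac = token.rsplit(".", 3)
        expires = int(expires)
    except ValueError:
        return None  # malformed token
    expected = _sign(account, client_ip, expires, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # forged, or presented from a different address
    if now > expires or nonce in _used_nonces:
        return None  # expired or already redeemed
    _used_nonces.add(nonce)
    return account
```

Clients behind the same NAT, such as everyone on one shared WiFi network, present the same public address, so the IP binding is one layer alongside the expiry and single-use checks rather than a complete fix.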
The researcher who discovered the bug also warns that the vulnerability would be a treasure trove for attackers attending gaming conventions or competitions, where people are most likely to use unsecured WiFi networks along with the EA Origin client and its auto-login feature.
In the highly competitive world of online gaming, this vulnerability could lead to doxxing or the hijacking of accounts belonging to famous players or streamers.
EA are reportedly working on a patch for the bug.