The hacked server, which hosts two ea.com domains, is being used to host a calendar based on WebCalendar 1.2.0. Netcraft points out that this version of WebCalendar contains many vulnerabilities that allow an unauthenticated attacker to modify settings and possibly execute arbitrary code. The hacker might have taken advantage of these vulnerabilities to compromise the server.
The phishing page tricks users into submitting their Apple ID and password. In a second phase, it asks victims to verify their full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to the attacker. After submitting all the details, the victim is redirected to the legitimate Apple ID website at https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/
The compromised server, which hosts EA domains, is further used to obtain user details from the EA server. The hacker has managed to install and execute arbitrary PHP scripts on the EA server, so that he can track the activity of server admins and users. These scripts can grab all the information on the server (such as user data and some useful source code) as well as all the updates made to the calendar.
In addition to the Apple ID phishing page, the attacker has also hosted another phishing page that tries to steal credentials from users of EA's Origin digital distribution platform. The phishing page in the Origin directory asks users for their email IDs and passwords.
Earlier this year, the EA server was brought down by hacking attempts, and a group called Derp Trolling took responsibility for the attack, which was carried out as a distributed denial-of-service attack. The team tweeted about this attack.