Update: EA said in a statement that it’s investigating the reports (via TheVerge):
According to a report from internet security and research company Netcraft, hackers have compromised an EA Games server and are currently using it to host a phishing site that steals Apple IDs and more from unsuspecting users. The company published its report today and says it contacted EA yesterday to report the discovery, but as of publishing the compromised server and the phishing site stealing Apple IDs were still online.
Netcraft claims the phishing site being hosted on EA’s servers not only asks for an Apple ID and password but also the user’s “full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster.” Netcraft also reports that EA Games is being targeted in other phishing attacks that are attempting to steal user data from its Origin game distribution service:
While Netcraft is unsure of how the server was compromised, it speculates that an outdated version of WebCalendar 1.2.0 software (that has been patched since) running on the websites stored on the compromised servers could have provided a vulnerability for the attackers.
(via CNET)