It is not clear why the hackers thought users would be dumb enough to log into an Apple account through EA's website, but the domain looked right. EA said that it had disabled any fake websites that it may have found. Netcraft said that the fake page was said to first prompt visitors for their Apple ID and password, and then follow up with fields for their credit card and other information.
Netcraft says that the hackers were able to put the fake page up after compromising an EA server that's used to host two EA.com sites. The server was reportedly used to host a calendar application, but EA had apparently been using a severely outdated version of the calendar. Netcraft says there is no evidence that internal data on the server was accessed.