The best way for a thief to enter your well-secured house is to trick you into opening the door. That is what a phishing scam is. It is a thief's attempt to acquire your credentials by tricking you into giving them to him. That is precisely what is happening on a hacked, EA server. Appleinsider reports:
On the page, users are asked to sign in with their Apple ID and accompanying password, though the page itself is hosted on ea.com. After a person enters their information, a second page asking for full name, credit card number, expiration date, verification code, date of birth, phone number, mother's maiden name, and other information.
Once a user has been tricked into submitting their details, they are redirected to the actual Apple ID website, in an attempt to play the left off as legitimate.
Netcraft was able to verify that the compromised server is hosted within EA's own network, and that the hacker who implemented the attack has installed and executed PHP scripts on EA's server.
EA is already under fire for ruining the best gaming franchises with a broken in-app purchase system that is one of the worst in the business. Many regard it as one of the worst companies ever. Now, their slimy business practices have been paired with bad actors using their system as a vector for stealing your Apple ID. My advice is to never enter credentials into a site that you did not go to directly. Second, stop buying EA games.