• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

EA/Origin account hacked: Is this a new thing?

diamount

Banned
It's almost as if the article I posted comments that lastpass has security issues of its own and shouldn't be used? Especially when a user is talking about being hacked themselves.

For things such as e-mail and game account's it is an acceptable tool. Financial things like bank accounts you are free to write down a 30 character password and put it in a safe or something, but that's inconvenient and with some due diligence on your part there is no way someone will get the password in the first place.

Even if they do siphon passwords, they are encrypted anyway so unless you are being soley targeted then it's unlikely they'll crack it in any reasonable time.. and if you change your password regularly then there is no chance they'll get it if they've already patched any security leaks.
 

Stallion Free

Cock Encumbered
Last year my steam account was hacked bastards traded away my soldier medal. Steam couldn't do anything for me except grant me access back to my account after a week long process. I feel for you dude, shit is lame.

Did you not have Steam Guard set up?
 

Stallion Free

Cock Encumbered
They send you an email to confirm any sort of changes to your account, right?
No, no one can log into your account without the code that is sent to your email. The code is completely random and is sent when login is attempted. Two step verification. Your account can't be touched.
 

Coconut

Banned
No, no one can log into your account without the code that is sent to your email. The code is completely random and is sent when login is attempted. Two step verification. Your account can't be touched.

Oh I don't know I have that now was their a point when this didn't exist maybe it was longer than a year ago.
 

Shaneus

Member
Well, woke up to find a tweet reply from that account saying to check my email. Checked, found a link to reset my password, but had to go through and manually re-add my games one-by-one. So once I got service they were fine, but it honestly beats the shit out of me how it could happen to so many accounts all at once.
 

Gaaraz

Member
I've just got this too, the link in the email takes me to a generic FAQs page, and if I try to reset my password again it says the service is unavailable. Sigh.
 

Shaneus

Member
Ah shit man, sucks to hear it.

What I would try if I was you:
If it's linked to an XBL or PSN account, download the EA Sports app (I assume it's on PSN, it *is* on 360) and make a note of the name it's registered to.
Look up that email on Origin, see if you can find the user account it's named.
Create a case (I had to, no live chat in Australia, but live chat may work) and put as much info as you can into it. Also, tweet @AskEASupport with the case number, they replied to that specific tweet fairly quickly. I think that was the thing that hurried it along the most.
If you have linked it with your FB, I don't believe they can unlink it. So log in with your FB details and I think you might be able to fix the information that way (but still contact EA support, obv.).

Good luck, man. Keep us all posted with how you go!
 

Gaaraz

Member
Thanks Shaneus, luckily they didn't change my email (unsure why...) so I've managed to recover the account for now at least, but still plenty more to do! Thanks for the great tips
 

subversus

I've done nothing with my life except eat and fap
nah, it's been going for some time. Just don't use an email you usually use, use the separate, ORIGIN EXCLUSIVE one.

Origin sucks.
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
Ah shit man, sucks to hear it.

What I would try if I was you:
If it's linked to an XBL or PSN account, download the EA Sports app (I assume it's on PSN, it *is* on 360) and make a note of the name it's registered to.
Look up that email on Origin, see if you can find the user account it's named.
Create a case (I had to, no live chat in Australia, but live chat may work) and put as much info as you can into it. Also, tweet @AskEASupport with the case number, they replied to that specific tweet fairly quickly. I think that was the thing that hurried it along the most.
If you have linked it with your FB, I don't believe they can unlink it. So log in with your FB details and I think you might be able to fix the information that way (but still contact EA support, obv.).

Good luck, man. Keep us all posted with how you go!

If it's linked to your PSN, you could just login to EA.com with the PSN login option. It's what I did and how I found out I was hacked in June. Called EA, got it sorted out. You don't need the support app download for that. Dunno about the XBL option, but yeah: having a synced console account may save your ass.
 

Stumpokapow

listen to the mad man
It's almost as if the article I posted comments that lastpass has security issues of its own and shouldn't be used? Especially when a user is talking about being hacked themselves.

This is an extremely silly conclusion to draw from the article you linked.

LastPass:
- Noticed irregular traffic coming from one server
- Immediately disclosed this
- Investigated and did not find any evidence to believe anything was actually hacked
- Based on the amount of the traffic, if data was stolen, it was a very low amount of data, probably fewer than 200 passwords (and thus probably fewer than 10 users)
- The passwords were all encrypted with your master password and per-password salts. LastPass does not know your master password, so even if their entire database is stolen, the hackers are not able to do anything with the data.
- Even if someone did steal all the info, they'd still need to crack your master password, which is supposed to be 12+ (the longer the better) characters and would essentially be uncrackable on their own. My master password is 15 characters including upper, lower, numbers, and symbols; which would have a state-space complexity of about 3.56 * 10^110 to crack. So even were my information stolen, it wouldn't have been cracked. My master password is not as secure as they recommend to begin with.
- LastPass sent out a warning to all users to have them change their master password
- They immediately added two-step verification
- They immediately had multiple external security audits.

So for you to read that and say "welp no such thing as security lastpass sux" is insane. LastPass followed responsible disclosure, it followed security best-practices, there was no evidence that any data was actually stolen, if data was stolen it was extremely limited, and regardless of how much data was stolen, it was useless.

Disclosure: I don't use Lastpass, I use 1Password.
 

iNvid02

Member
This is an extremely silly conclusion to draw from the article you linked.

LastPass:
- Noticed irregular traffic coming from one server
- Immediately disclosed this
- Investigated and did not find any evidence to believe anything was actually hacked
- Based on the amount of the traffic, if data was stolen, it was a very low amount of data, probably fewer than 200 passwords (and thus probably fewer than 10 users)
- The passwords were all encrypted with your master password and per-password salts. LastPass does not know your master password, so even if their entire database is stolen, the hackers are not able to do anything with the data.
- Even if someone did steal all the info, they'd still need to crack your master password, which is supposed to be 12+ (the longer the better) characters and would essentially be uncrackable on their own. My master password is 15 characters including upper, lower, numbers, and symbols; which would have a state-space complexity of about 3.56 * 10^110 to crack. So even were my information stolen, it wouldn't have been cracked. My master password is not as secure as they recommend to begin with.
- LastPass sent out a warning to all users to have them change their master password
- They immediately added two-step verification
- They immediately had multiple external security audits.

So for you to read that and say "welp no such thing as security lastpass sux" is insane. LastPass followed responsible disclosure, it followed security best-practices, there was no evidence that any data was actually stolen, if data was stolen it was extremely limited, and regardless of how much data was stolen, it was useless.

Disclosure: I don't use Lastpass, I use 1Password.

gYIrc.gif
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
No, no one can log into your account without the code that is sent to your email. The code is completely random and is sent when login is attempted. Two step verification. Your account can't be touched.

I'm trying to turn this on but it keeps hanging at "Contacting Steam Servers to perform request..." dunno why. Is the servers being hammered or something?

Nevermind, apparently it's on but I don't think I've ever gotten an e-mail from Steam when I'm logging in. Weird. I guess because it's the main PC I generally login from?
 

Stallion Free

Cock Encumbered
Nevermind, apparently it's on but I don't think I've ever gotten an e-mail from Steam when I'm logging in. Weird. I guess because it's the main PC I generally login from?

Yeah, it has to be on a new platform. It would be stupid if they made you input a random code on your home PC every time you started up steam. Open up a browser that you have never logged into the Steam website on to see the process.
 

Shaneus

Member
If it's linked to your PSN, you could just login to EA.com with the PSN login option. It's what I did and how I found out I was hacked in June. Called EA, got it sorted out. You don't need the support app download for that. Dunno about the XBL option, but yeah: having a synced console account may save your ass.
Yeah, I actually just remembered that when logging in via the web it gives an option to login via FB or PSN authentication.

Would someone here be able to quote the article from RPS in this thread? I can't get to it from work and I'd love to see what they have to say about it.

subversus: What's the reasoning behind using a different email account for the service than for other ones? Is it that it's easier to find out your email account via other services and use that as some kind of proof that you're the account owner?
 
Mine isn't hacked, so let's move to the next logical step. Free games for the inconvenience.
Also I have so many different yet same Origin, EA, Pogo or whatever site they use, accounts that I probably can't change my passwords without locking myself out.
 

Imbarkus

As Sartre noted in his contemplation on Hell in No Exit, the true horror is other members.
Somehow my daughter's account got hacked, which would have been a severe bummer since she's got everything Sims on it.

But I had a great experience today with Terrence at EA support. Guy was solid, sharp, knew his stuff, did all he could to help identify the account.

Got control of it back today. Maybe 1/2 hour and I'm done. I've spent 3 times that long just waiting for Blizzard to get on the phone.

Had to come here and give the EA support the props they are due....
 

Bboy AJ

My dog was murdered by a 3.5mm audio port and I will not rest until the standard is dead
Oh what the fuck. I just got a password changed email. I don't even use this shit. And it's a pain to figure out how to contact them. The Contact Us button leads to the forums or something.
 

Bboy AJ

My dog was murdered by a 3.5mm audio port and I will not rest until the standard is dead
You are not alone.

Ugh, I figured. For anyone else that's going through this pain, I had to Google Origin's contact number as their site does its best to obfuscate any form of help.

It's 866-543-5435 and you hit 5 at the prompt for Origin. I'm currently on hold. Fuck you, EA.
 

Bboy AJ

My dog was murdered by a 3.5mm audio port and I will not rest until the standard is dead
Alright, I just spoke with a Nathan who helped me out. Pretty decent guy. Obnoxious how the first things they ask are marketing data. They should offer to help me first. I didn't call to be asked what systems I own.
 

Shaneus

Member
Yeah, from what I hear the phone support re: this issue is quite good, but the real question is: why the hell is this still happening? Don't they know what the problem is yet?!?
 
I think I caught someone trying to steal my account a few weeks ago, I got an email saying my Origin password was changed. I wasn't able to log in to origin after that.

Luckily they didn't have a chance to change the email address, so I was able to request another password reset and changed it to a new password. I changed my Origin email password as well just in case.

Still, scary stuff...
 

colt45joe

Banned
just happened to me yesterday, and looked around on google and yeh found this thread and other threads of people going through this.

email was changed, called ea, managed to get account back. actually surprised with how fairly smooth it went. they helped me fairly quickly. they insisted i had fallen for a phishing scam or had a virus or that my gmail had been compromised. if i had a virus/malware/trojan/whatever ,why would they mess with my origin account, and not my gmail account itself or bank account, or something..

they freaked me out still though, so i did virus scan and stuff, but now after reading about a bunch of people having this problem, i'm fairly convinced i dont have a virus.
 

tomi123

Member
This happened to me also. Thank god I used my real date of birth when registering, so it was easy to get my account back.
 

beje

Banned
After this and the whole XBL FIFA packs issue, no way I'm ever buying anything at all through Origin or linking my Nintendo ID.
 
I got fed up with origin so I decided to close my account over three weeks ago. I got a reply a few days ago after nearly a month waiting to which I thought they've forgotten me. He asked for my DOB in the reply. I should expect a reply sometime next year.
 
Sorry to bump an old threa but this just happened to me.

I managed to reset my password before my email was changed but the security questions have been changed to something in russian.

Im on my ipad and cannot find the UK origin phone number anywhere, anybody know what it is?
 

Shaneus

Member
I'd look it up but I'm at work and all game-related stuff is blocked :( Good luck with getting everything sorted again!

Beats me how this is STILL able to happen. Rather than just fix everyone's account again you'd think they'd just work out what the loophole is and close the fuck out of it.
 

Nokterian

Member
This is an extremely silly conclusion to draw from the article you linked.

LastPass:
- Noticed irregular traffic coming from one server
- Immediately disclosed this
- Investigated and did not find any evidence to believe anything was actually hacked
- Based on the amount of the traffic, if data was stolen, it was a very low amount of data, probably fewer than 200 passwords (and thus probably fewer than 10 users)
- The passwords were all encrypted with your master password and per-password salts. LastPass does not know your master password, so even if their entire database is stolen, the hackers are not able to do anything with the data.
- Even if someone did steal all the info, they'd still need to crack your master password, which is supposed to be 12+ (the longer the better) characters and would essentially be uncrackable on their own. My master password is 15 characters including upper, lower, numbers, and symbols; which would have a state-space complexity of about 3.56 * 10^110 to crack. So even were my information stolen, it wouldn't have been cracked. My master password is not as secure as they recommend to begin with.
- LastPass sent out a warning to all users to have them change their master password
- They immediately added two-step verification
- They immediately had multiple external security audits.

So for you to read that and say "welp no such thing as security lastpass sux" is insane. LastPass followed responsible disclosure, it followed security best-practices, there was no evidence that any data was actually stolen, if data was stolen it was extremely limited, and regardless of how much data was stolen, it was useless.

Disclosure: I don't use Lastpass, I use 1Password.

Yes yes. I have it for almost 2 years now also have premium. Best thing ever. Such a relieve and weight from my shoulders. Wanted to say this for a long time when i saw this post before i was on gaf.
 

RdN

Member
From what I remember, hackers have been doing this for a long time in order to gain access to Xbox Live/PSN main accounts.
 

Jawmuncher

Member
I remember when my steam a count got hacked. Luckily I had no games or CC on it so all the user could so was wish list some games. I guess in a vain attempt to try some trades or something. Luckily I squashed it pretty quick. Still no clue how they got acess though.
 

Chronoja

Member
Funny how this thread popped up to the front page, the exact same thing had happened to me

Noticed earlier that my account had been comprimised. Luckily I was able to change my password and get back into my account but it's certainly a shock when you go to log in and find you details are somehow incorrect after months of not even using the service. Even worse when you get the password change email in russian to someone elses name.

At least the hacker managed to unlock a few attachments and medals on bf3 for me. so....thanks for that mr hacker person I guess.
 
Sigh...just happened to me. Trying to reset my password doesn't work as I don't receive the email.

I created a second account just to access the support section and have been waiting on Live chat for at least half an hour now. I really don't want to have to call them as it might cost me a small fortune.
 
So frustrated. The EA guy found my account and said he was sending me a password reset email. The email arrived an hour or so after we finished speaking with a link that takes me to a 404 page. Worse, the email was accompanied by another email addressed to the same person as before (the likely hacker). So now 2 of my email addresses are compromised :/
 

TronLight

Everybody is Mikkelsexual
So like two minutes ago I was just browsing when all of a sudden I've got an Origin pop-up saying that my account was logged in on another computer, and that if I logged in from mine the other whould have been disconnected.
So I did, and nothing seems to be changed. I've already changed my password and secret question.

I've been hacked or was it just some kind of glitch?

So frustrated. The EA guy found my account and said he was sending me a password reset email. The email arrived an hour or so after we finished speaking with a link that takes me to a 404 page. Worse, the email was accompanied by another email addressed to the same person as before (the likely hacker). So now 2 of my email addresses are compromised :/

What? They can access your email from Origin or what?
 
Top Bottom