• Register
  • TOS
  • Privacy
  • @NeoGAF

diamount
Banned
(11-12-2012, 05:50 PM)

Originally Posted by Dragon

It's almost as if the article I posted comments that lastpass has security issues of its own and shouldn't be used? Especially when a user is talking about being hacked themselves.

For things such as e-mail and game account's it is an acceptable tool. Financial things like bank accounts you are free to write down a 30 character password and put it in a safe or something, but that's inconvenient and with some due diligence on your part there is no way someone will get the password in the first place.

Even if they do siphon passwords, they are encrypted anyway so unless you are being soley targeted then it's unlikely they'll crack it in any reasonable time.. and if you change your password regularly then there is no chance they'll get it if they've already patched any security leaks.
wutwutwut
Member
(11-12-2012, 05:50 PM)
wutwutwut's Avatar

Originally Posted by Dragon

It's almost as if the article I posted comments that lastpass has security issues of its own and shouldn't be used? Especially when a user is talking about being hacked themselves.

Nothing's perfect.
Stallion Free
Cock Encumbered
(11-12-2012, 05:51 PM)
Stallion Free's Avatar

Originally Posted by Coconut

Last year my steam account was hacked bastards traded away my soldier medal. Steam couldn't do anything for me except grant me access back to my account after a week long process. I feel for you dude, shit is lame.

Did you not have Steam Guard set up?
Coconut
What is a Chobot?
Is that the robot dog?
(11-12-2012, 06:17 PM)
Coconut's Avatar

Originally Posted by Stallion Free

Did you not have Steam Guard set up?

That's only useful if you check your email everyday.
Stallion Free
Cock Encumbered
(11-12-2012, 06:20 PM)
Stallion Free's Avatar

Originally Posted by Coconut

That's only useful if you check your email everyday.

What?
Coconut
What is a Chobot?
Is that the robot dog?
(11-12-2012, 06:26 PM)
Coconut's Avatar

Originally Posted by Stallion Free

What?

They send you an email to confirm any sort of changes to your account, right?
Stallion Free
Cock Encumbered
(11-12-2012, 06:29 PM)
Stallion Free's Avatar

Originally Posted by Coconut

They send you an email to confirm any sort of changes to your account, right?

No, no one can log into your account without the code that is sent to your email. The code is completely random and is sent when login is attempted. Two step verification. Your account can't be touched.
Coconut
What is a Chobot?
Is that the robot dog?
(11-12-2012, 06:40 PM)
Coconut's Avatar

Originally Posted by Stallion Free

No, no one can log into your account without the code that is sent to your email. The code is completely random and is sent when login is attempted. Two step verification. Your account can't be touched.

Oh I don't know I have that now was their a point when this didn't exist maybe it was longer than a year ago.
cicero
by the sweat of thy brow
shalt thou eat bread
and you will be happy
(11-12-2012, 07:24 PM)

Originally Posted by Coconut

Oh I don't know I have that now was their a point when this didn't exist maybe it was longer than a year ago.

It has been available since Mar 16, 2011.

http://store.steampowered.com/news/5123/
Coconut
What is a Chobot?
Is that the robot dog?
(11-12-2012, 07:26 PM)
Coconut's Avatar

Originally Posted by cicero

It has been available since Mar 16, 2011.

http://store.steampowered.com/news/5123/

Then it was pre steam guard.
Shaneus
Member
(11-12-2012, 07:44 PM)
Shaneus's Avatar
Well, woke up to find a tweet reply from that account saying to check my email. Checked, found a link to reset my password, but had to go through and manually re-add my games one-by-one. So once I got service they were fine, but it honestly beats the shit out of me how it could happen to so many accounts all at once.
Gaaraz
Member
(11-14-2012, 10:39 AM)
I've just got this too, the link in the email takes me to a generic FAQs page, and if I try to reset my password again it says the service is unavailable. Sigh.
Shaneus
Member
(11-14-2012, 11:59 AM)
Shaneus's Avatar
Ah shit man, sucks to hear it.

What I would try if I was you:
If it's linked to an XBL or PSN account, download the EA Sports app (I assume it's on PSN, it *is* on 360) and make a note of the name it's registered to.
Look up that email on Origin, see if you can find the user account it's named.
Create a case (I had to, no live chat in Australia, but live chat may work) and put as much info as you can into it. Also, tweet @AskEASupport with the case number, they replied to that specific tweet fairly quickly. I think that was the thing that hurried it along the most.
If you have linked it with your FB, I don't believe they can unlink it. So log in with your FB details and I think you might be able to fix the information that way (but still contact EA support, obv.).

Good luck, man. Keep us all posted with how you go!
Gaaraz
Member
(11-14-2012, 02:21 PM)
Thanks Shaneus, luckily they didn't change my email (unsure why...) so I've managed to recover the account for now at least, but still plenty more to do! Thanks for the great tips
epmode
Member
(11-14-2012, 02:27 PM)
epmode's Avatar
RPS article: http://www.rockpapershotgun.com/2012...your-password/
subversus
I've done nothing with my life except eat and fap
(11-14-2012, 02:31 PM)
subversus's Avatar
nah, it's been going for some time. Just don't use an email you usually use, use the separate, ORIGIN EXCLUSIVE one.

Origin sucks.
SniperHunter
Member
(11-14-2012, 03:10 PM)
SniperHunter's Avatar
so all I have to do is change my password?
TheSeks
Blinded by the luminous glory that is David Bowie's physical manifestation.
(11-14-2012, 03:23 PM)
TheSeks's Avatar

Originally Posted by Shaneus

Ah shit man, sucks to hear it.

What I would try if I was you:
If it's linked to an XBL or PSN account, download the EA Sports app (I assume it's on PSN, it *is* on 360) and make a note of the name it's registered to.
Look up that email on Origin, see if you can find the user account it's named.
Create a case (I had to, no live chat in Australia, but live chat may work) and put as much info as you can into it. Also, tweet @AskEASupport with the case number, they replied to that specific tweet fairly quickly. I think that was the thing that hurried it along the most.
If you have linked it with your FB, I don't believe they can unlink it. So log in with your FB details and I think you might be able to fix the information that way (but still contact EA support, obv.).

Good luck, man. Keep us all posted with how you go!

If it's linked to your PSN, you could just login to EA.com with the PSN login option. It's what I did and how I found out I was hacked in June. Called EA, got it sorted out. You don't need the support app download for that. Dunno about the XBL option, but yeah: having a synced console account may save your ass.
Stumpokapow
AFK, please contact someone else for help
(11-14-2012, 03:24 PM)
Stumpokapow's Avatar

Originally Posted by Dragon

It's almost as if the article I posted comments that lastpass has security issues of its own and shouldn't be used? Especially when a user is talking about being hacked themselves.

This is an extremely silly conclusion to draw from the article you linked.

LastPass:
- Noticed irregular traffic coming from one server
- Immediately disclosed this
- Investigated and did not find any evidence to believe anything was actually hacked
- Based on the amount of the traffic, if data was stolen, it was a very low amount of data, probably fewer than 200 passwords (and thus probably fewer than 10 users)
- The passwords were all encrypted with your master password and per-password salts. LastPass does not know your master password, so even if their entire database is stolen, the hackers are not able to do anything with the data.
- Even if someone did steal all the info, they'd still need to crack your master password, which is supposed to be 12+ (the longer the better) characters and would essentially be uncrackable on their own. My master password is 15 characters including upper, lower, numbers, and symbols; which would have a state-space complexity of about 3.56 * 10^110 to crack. So even were my information stolen, it wouldn't have been cracked. My master password is not as secure as they recommend to begin with.
- LastPass sent out a warning to all users to have them change their master password
- They immediately added two-step verification
- They immediately had multiple external security audits.

So for you to read that and say "welp no such thing as security lastpass sux" is insane. LastPass followed responsible disclosure, it followed security best-practices, there was no evidence that any data was actually stolen, if data was stolen it was extremely limited, and regardless of how much data was stolen, it was useless.

Disclosure: I don't use Lastpass, I use 1Password.
joeygreco1985
Member
(11-14-2012, 03:26 PM)
joeygreco1985's Avatar

Originally Posted by subversus

nah, it's been going for some time. Just don't use an email you usually use, use the separate, ORIGIN EXCLUSIVE one.

Origin sucks.

Yup. I'm doing this for Origin AND Steam :)
iNvid02
Member
(11-14-2012, 03:28 PM)
iNvid02's Avatar

Originally Posted by Stumpokapow

This is an extremely silly conclusion to draw from the article you linked.

LastPass:
- Noticed irregular traffic coming from one server
- Immediately disclosed this
- Investigated and did not find any evidence to believe anything was actually hacked
- Based on the amount of the traffic, if data was stolen, it was a very low amount of data, probably fewer than 200 passwords (and thus probably fewer than 10 users)
- The passwords were all encrypted with your master password and per-password salts. LastPass does not know your master password, so even if their entire database is stolen, the hackers are not able to do anything with the data.
- Even if someone did steal all the info, they'd still need to crack your master password, which is supposed to be 12+ (the longer the better) characters and would essentially be uncrackable on their own. My master password is 15 characters including upper, lower, numbers, and symbols; which would have a state-space complexity of about 3.56 * 10^110 to crack. So even were my information stolen, it wouldn't have been cracked. My master password is not as secure as they recommend to begin with.
- LastPass sent out a warning to all users to have them change their master password
- They immediately added two-step verification
- They immediately had multiple external security audits.

So for you to read that and say "welp no such thing as security lastpass sux" is insane. LastPass followed responsible disclosure, it followed security best-practices, there was no evidence that any data was actually stolen, if data was stolen it was extremely limited, and regardless of how much data was stolen, it was useless.

Disclosure: I don't use Lastpass, I use 1Password.

TheSeks
Blinded by the luminous glory that is David Bowie's physical manifestation.
(11-14-2012, 03:33 PM)
TheSeks's Avatar

Originally Posted by Stallion Free

No, no one can log into your account without the code that is sent to your email. The code is completely random and is sent when login is attempted. Two step verification. Your account can't be touched.

I'm trying to turn this on but it keeps hanging at "Contacting Steam Servers to perform request..." dunno why. Is the servers being hammered or something?

Nevermind, apparently it's on but I don't think I've ever gotten an e-mail from Steam when I'm logging in. Weird. I guess because it's the main PC I generally login from?
Stallion Free
Cock Encumbered
(11-14-2012, 03:41 PM)
Stallion Free's Avatar

Originally Posted by TheSeks

Nevermind, apparently it's on but I don't think I've ever gotten an e-mail from Steam when I'm logging in. Weird. I guess because it's the main PC I generally login from?

Yeah, it has to be on a new platform. It would be stupid if they made you input a random code on your home PC every time you started up steam. Open up a browser that you have never logged into the Steam website on to see the process.
Tess3ract
Banned
(11-14-2012, 09:59 PM)
My origin/ea thing is fine
Shaneus
Member
(11-14-2012, 10:09 PM)
Shaneus's Avatar

Originally Posted by TheSeks

If it's linked to your PSN, you could just login to EA.com with the PSN login option. It's what I did and how I found out I was hacked in June. Called EA, got it sorted out. You don't need the support app download for that. Dunno about the XBL option, but yeah: having a synced console account may save your ass.

Yeah, I actually just remembered that when logging in via the web it gives an option to login via FB or PSN authentication.

Would someone here be able to quote the article from RPS in this thread? I can't get to it from work and I'd love to see what they have to say about it.

subversus: What's the reasoning behind using a different email account for the service than for other ones? Is it that it's easier to find out your email account via other services and use that as some kind of proof that you're the account owner?
Shaneus
Member
(11-15-2012, 09:59 AM)
Shaneus's Avatar
Kotaku article: http://kotaku.com/5960503/origin-use...g-hacked-a-lot

Edit: Didn't realise both articles linked here. That's a thing, I guess.
Last edited by Shaneus; 11-15-2012 at 10:25 AM.
Mavromatis
Member
(11-15-2012, 06:17 PM)
Mavromatis's Avatar
Mine isn't hacked, so let's move to the next logical step. Free games for the inconvenience.
Also I have so many different yet same Origin, EA, Pogo or whatever site they use, accounts that I probably can't change my passwords without locking myself out.
Last edited by Mavromatis; 11-15-2012 at 06:29 PM.
Imbarkus
Member
(11-20-2012, 10:08 PM)
Imbarkus's Avatar
Somehow my daughter's account got hacked, which would have been a severe bummer since she's got everything Sims on it.

But I had a great experience today with Terrence at EA support. Guy was solid, sharp, knew his stuff, did all he could to help identify the account.

Got control of it back today. Maybe 1/2 hour and I'm done. I've spent 3 times that long just waiting for Blizzard to get on the phone.

Had to come here and give the EA support the props they are due....
Bboy AJ
Talks to himself
(12-07-2012, 08:55 PM)
Bboy AJ's Avatar
Oh what the fuck. I just got a password changed email. I don't even use this shit. And it's a pain to figure out how to contact them. The Contact Us button leads to the forums or something.
Prozel
Member
(12-07-2012, 08:58 PM)
Prozel's Avatar

Originally Posted by Bboy AJ

I just got a password changed email.

You are not alone.

Cipherr
Member
(12-07-2012, 09:00 PM)
Cipherr's Avatar

Originally Posted by Prozel

You are not alone.

gotdamn
Bboy AJ
Talks to himself
(12-07-2012, 09:01 PM)
Bboy AJ's Avatar

Originally Posted by Prozel

You are not alone.

Ugh, I figured. For anyone else that's going through this pain, I had to Google Origin's contact number as their site does its best to obfuscate any form of help.

It's 866-543-5435 and you hit 5 at the prompt for Origin. I'm currently on hold. Fuck you, EA.
Bboy AJ
Talks to himself
(12-07-2012, 09:10 PM)
Bboy AJ's Avatar
Alright, I just spoke with a Nathan who helped me out. Pretty decent guy. Obnoxious how the first things they ask are marketing data. They should offer to help me first. I didn't call to be asked what systems I own.
Shaneus
Member
(12-07-2012, 09:30 PM)
Shaneus's Avatar
Yeah, from what I hear the phone support re: this issue is quite good, but the real question is: why the hell is this still happening? Don't they know what the problem is yet?!?
joeygreco1985
Member
(12-07-2012, 09:37 PM)
joeygreco1985's Avatar
I think I caught someone trying to steal my account a few weeks ago, I got an email saying my Origin password was changed. I wasn't able to log in to origin after that.

Luckily they didn't have a chance to change the email address, so I was able to request another password reset and changed it to a new password. I changed my Origin email password as well just in case.

Still, scary stuff...
colt45joe
Member
(12-08-2012, 02:36 AM)
just happened to me yesterday, and looked around on google and yeh found this thread and other threads of people going through this.

email was changed, called ea, managed to get account back. actually surprised with how fairly smooth it went. they helped me fairly quickly. they insisted i had fallen for a phishing scam or had a virus or that my gmail had been compromised. if i had a virus/malware/trojan/whatever ,why would they mess with my origin account, and not my gmail account itself or bank account, or something..

they freaked me out still though, so i did virus scan and stuff, but now after reading about a bunch of people having this problem, i'm fairly convinced i dont have a virus.
Last edited by colt45joe; 12-08-2012 at 02:39 AM.
tomi123
Member
(12-10-2012, 01:19 PM)
tomi123's Avatar
This happened to me also. Thank god I used my real date of birth when registering, so it was easy to get my account back.
beje
Banned
(12-10-2012, 01:27 PM)
beje's Avatar
After this and the whole XBL FIFA packs issue, no way I'm ever buying anything at all through Origin or linking my Nintendo ID.
flipswitch
Member
(12-10-2012, 01:48 PM)
flipswitch's Avatar
I got fed up with origin so I decided to close my account over three weeks ago. I got a reply a few days ago after nearly a month waiting to which I thought they've forgotten me. He asked for my DOB in the reply. I should expect a reply sometime next year.
neva-
Member
(01-21-2013, 06:59 PM)
neva-'s Avatar
Sorry to bump an old threa but this just happened to me.

I managed to reset my password before my email was changed but the security questions have been changed to something in russian.

Im on my ipad and cannot find the UK origin phone number anywhere, anybody know what it is?
Shaneus
Member
(01-21-2013, 11:11 PM)
Shaneus's Avatar
I'd look it up but I'm at work and all game-related stuff is blocked :( Good luck with getting everything sorted again!

Beats me how this is STILL able to happen. Rather than just fix everyone's account again you'd think they'd just work out what the loophole is and close the fuck out of it.
Nokterian
Member
(01-21-2013, 11:40 PM)
Nokterian's Avatar

Originally Posted by Stumpokapow

This is an extremely silly conclusion to draw from the article you linked.

LastPass:
- Noticed irregular traffic coming from one server
- Immediately disclosed this
- Investigated and did not find any evidence to believe anything was actually hacked
- Based on the amount of the traffic, if data was stolen, it was a very low amount of data, probably fewer than 200 passwords (and thus probably fewer than 10 users)
- The passwords were all encrypted with your master password and per-password salts. LastPass does not know your master password, so even if their entire database is stolen, the hackers are not able to do anything with the data.
- Even if someone did steal all the info, they'd still need to crack your master password, which is supposed to be 12+ (the longer the better) characters and would essentially be uncrackable on their own. My master password is 15 characters including upper, lower, numbers, and symbols; which would have a state-space complexity of about 3.56 * 10^110 to crack. So even were my information stolen, it wouldn't have been cracked. My master password is not as secure as they recommend to begin with.
- LastPass sent out a warning to all users to have them change their master password
- They immediately added two-step verification
- They immediately had multiple external security audits.

So for you to read that and say "welp no such thing as security lastpass sux" is insane. LastPass followed responsible disclosure, it followed security best-practices, there was no evidence that any data was actually stolen, if data was stolen it was extremely limited, and regardless of how much data was stolen, it was useless.

Disclosure: I don't use Lastpass, I use 1Password.

Yes yes. I have it for almost 2 years now also have premium. Best thing ever. Such a relieve and weight from my shoulders. Wanted to say this for a long time when i saw this post before i was on gaf.
RdN
Member
(01-21-2013, 11:43 PM)
RdN's Avatar
From what I remember, hackers have been doing this for a long time in order to gain access to Xbox Live/PSN main accounts.
Jawmuncher
(01-21-2013, 11:51 PM)
Jawmuncher's Avatar
I remember when my steam a count got hacked. Luckily I had no games or CC on it so all the user could so was wish list some games. I guess in a vain attempt to try some trades or something. Luckily I squashed it pretty quick. Still no clue how they got acess though.
Chronoja
Member
(01-22-2013, 12:10 AM)
Chronoja's Avatar
Funny how this thread popped up to the front page, the exact same thing had happened to me

Noticed earlier that my account had been comprimised. Luckily I was able to change my password and get back into my account but it's certainly a shock when you go to log in and find you details are somehow incorrect after months of not even using the service. Even worse when you get the password change email in russian to someone elses name.

At least the hacker managed to unlock a few attachments and medals on bf3 for me. so....thanks for that mr hacker person I guess.
test_account
XP-39Cē
(01-22-2013, 12:14 AM)
test_account's Avatar

Originally Posted by neva-

Im on my ipad and cannot find the UK origin phone number anywhere, anybody know what it is?

I found this on a forum: UK: 08702432435 (9am-10pm CST)

http://forum.p-stats.com/threads/142...ll=1#post70075
Jaded Alyx
(01-22-2013, 12:34 AM)
Jaded Alyx's Avatar
Sigh...just happened to me. Trying to reset my password doesn't work as I don't receive the email.

I created a second account just to access the support section and have been waiting on Live chat for at least half an hour now. I really don't want to have to call them as it might cost me a small fortune.
Jaded Alyx
(01-22-2013, 01:22 AM)
Jaded Alyx's Avatar
Finally got through to someone in Live Chat...he seems nice enough..

Jaded Alyx
(01-22-2013, 02:48 AM)
Jaded Alyx's Avatar
So frustrated. The EA guy found my account and said he was sending me a password reset email. The email arrived an hour or so after we finished speaking with a link that takes me to a 404 page. Worse, the email was accompanied by another email addressed to the same person as before (the likely hacker). So now 2 of my email addresses are compromised :/
TronLight
Member
(01-25-2013, 03:57 PM)
TronLight's Avatar
So like two minutes ago I was just browsing when all of a sudden I've got an Origin pop-up saying that my account was logged in on another computer, and that if I logged in from mine the other whould have been disconnected.
So I did, and nothing seems to be changed. I've already changed my password and secret question.

I've been hacked or was it just some kind of glitch?

Originally Posted by Jaded Alyx

So frustrated. The EA guy found my account and said he was sending me a password reset email. The email arrived an hour or so after we finished speaking with a link that takes me to a 404 page. Worse, the email was accompanied by another email addressed to the same person as before (the likely hacker). So now 2 of my email addresses are compromised :/

What? They can access your email from Origin or what?
Last edited by TronLight; 01-25-2013 at 04:02 PM.

Thread Tools