EA/Origin account hacked: Is this a new thing?

Jul 26, 2004
38,258
2
1,320
Geelong, Australia
www.shaneus.com
#1
Story goes, received an email very early Friday morning last week (around 4:00am Australia time) about my email address being changed for my Origin account. Didn't think anything of it (I first saw the email when I woke up for work early on Friday and quickly forgot about it).

Tried getting in today, Origin doesn't recognise my username. Or my email address. Had to create a new, dummy account just so I could raise a case about my old account because basically *all* the details must have been changed in it.

This appears to be a fresh wave, too. Possibly coinciding with the ability to change an Origin username at will (though I'm not sure exactly when this was implemented).

Here are some links to threads on their forum from within the last few days that contain individual cases of this exact same thing happening:

http://forum.ea.com/eaforum/posts/list/9103555.page#25793355
http://forum.ea.com/eaforum/posts/list/9101301.page#25793716
http://forum.ea.com/eaforum/posts/list/9103642.page#25793865
http://forum.ea.com/eaforum/posts/list/9104046.page#25797583
http://forum.ea.com/eaforum/posts/list/9101467.page#25793219
http://forum.ea.com/eaforum/posts/list/9099525.page#25792872
http://forum.ea.com/eaforum/posts/list/9102083.page#25789342
http://forum.ea.com/eaforum/posts/list/9102043.page#25784876
http://forum.ea.com/eaforum/posts/list/9101810.page#25784311
http://forum.ea.com/eaforum/posts/list/9102043.page#25784876
They're just the ones I could find using their very limited search option on their forums. Of note is that they're all literally within the last few days or so.

I can't recall if there was anything incredibly sensitive in there (I don't remember using a credit card at all with that account, just used it to register keys bought from Amazon etc.) but exactly the same thing is happening to a LOT of people.

This guy could probably offer a better explanation of what's happening (though it goes for 20 minutes, so don't get too excited):
http://www.youtube.com/watch?v=KJUtpJPpyMw

So, if you haven't checked in on your Origin account recently, you should log in and make sure that everything is working fine. I didn't have anything that could've been guessed about my account (such as the password, security questions etc.) yet my account has been certainly hijacked.

It also exposes a huge, gaping flaw in EA's security system, given that:
a) there's no mention in the email of what it was changed *from*
b) there isn't a confirmation asking for the email address to be changed
c) people trying to raise cases about this with their online help/chat thing are getting knocked back because they have their own dates of birth wrong



Anyone else here having problems?
 
Dec 5, 2008
8,275
2
0
#3
Origin have a security loophole. My teammate's BF3 was hacked by a website that hacks accounts with a program rather than knowing your login data.
 
Jul 12, 2005
7,030
2
0
#8
Every time I log into my Origin account (I don't save my password so I have to enter it in manually) it says my (username/Origin account/password) is wrong. This has happened twice in the past hour or so.

I have to choose forget password in which I enter my email address, then they send me this huge code to reset my password.

I am just going to close my origin account. Fed up.
 
Jul 26, 2004
38,258
2
1,320
Geelong, Australia
www.shaneus.com
#10
> Every time I log into my Origin account (I don't save my password so I have to enter it in manually) it says my (username/Origin account/password) is wrong. This has happened twice in the past hour or so.
>
> I have to choose forget password in which I enter my email address, then they send me this huge code to reset my password.
>
> I am just going to close my origin account. Fed up.

I don't think you've been affected by this though (or at least, not exactly the same thing) because you can actually use your existing email account to reset your password. Because whoever it was changed both my account name AND my email address, I have no way of knowing what they were set to.

The guy's video I posted said he was lucky because he'd used the Facebook authentication as well and the hijackers had forgotten to change it (or it can't be removed, perhaps?) but if your account's been broken into and your username and email have been changed, what hope do you have of getting anything back yourself?

Fucking pathetic work by EA. I wonder if it affects pre-Origin games like The Saboteur as well. I'll have to try that tonight. Until then, no Autolog for NFS:HP either. I'd be even more pissed as hell if I'd bought NFS:MW and couldn't play it (potentially even losing progress) as well.

I'm still not sure how they can change that email in the first place, because I think that's the core of the issue. Obviously they're bypassing whatever confirmation is normally needed to do such a thing, because I don't think they're getting into accounts right away via brute forcing a password. My gut says they're social engineering the account to get EA to change the email address... and I think the key is the DOB which they're probably guessing randomly via bots or something.
 
Jul 26, 2004
38,258
2
1,320
Geelong, Australia
www.shaneus.com
#11
Ah ha! Double post, but worth the bump.

You can reset your EA account using a linked account, such as an XBL tag. I did that, and got this:


I just wish I could login using my XBL account rather than the Origin one :(


Edit: YES! FUCKING AWESOME! Sort of.
For those following, it looks like the link to my XBL account still worked, so I was able to download the EA Sports "app" on the 360 and log into it to suss out some info:


The fucking thing won't let me change the email ("Unable to update your account info at this time") but at least I can see the email they used. I can't see the account name though, I don't think. But it's a start!
 
Jan 27, 2005
5,328
0
0
#12
Both my accounts that I've never used seem fine. lol Still I want to close them, but apparently have to contact customer service for this. :(
 
Aug 2, 2011
2,529
0
0
#14
This is why I use Gmail for my emails and then use its secondary confirmation thingie whenever someone tries to access it on a different computer. Unless they have a way of knowing your Origin account's password firsthand, they have to have the password reset and sent to your email, and unless they can access your email, they're still stuck.
 
Jul 26, 2004
38,258
2
1,320
Geelong, Australia
www.shaneus.com
#15
So, I might try with something that isn't EA Sports. Can anyone think of a demo that would use EA's online shit that is just a regular game?

Edit: I've tried Burnout Paradise and Brutal Legend, they're the only ones I could think of. I'm not sure if there's anything EA/Origin related connected to Rock Band, but that might be something else to check.
 
Oct 21, 2010
2,559
0
0
#17
> I'm trying to get my account back for 3 weeks now. I don't remember what I've put in as my birthday. So they say I'm basically fucked. Apparently having the keys from your games isn't enough proof. Fuck you ea

So you didn't put your correct date of birth in, meaning that they can't identify you and it's EA's fault?

*smh*
 
Oct 2, 2010
9,673
0
0
Poland
#18
> So you didn't put your correct date of birth in, meaning that they can't identify you and it's EA's fault?
>
> *smh*

yeah that shitty if they don't tell you that it will be used for account recovery. It is the same as using precision adress. , . ; all that things are fucking stupid. If someone stole your password you birth date also could be changed already same as almost any other information.

So "smh" dude

I was in same position as him with my first US account after PSN fiasco.
 
Nov 7, 2004
11,330
0
0
#19
happened to me a few months back, but customer support fixed it for me without too much trouble.

i only have 1-2 games on there and have never even used the service.
 
Jun 10, 2012
0
0
0
#21
It was bound to happen. Every service that uses accounts is targeted at some point in time. Hopefully EA can iron their security issues out quickly. And those of you complaining about EA using your date of birth to identify your account, well, I guess that'll teach you to enter a bogus birthdate since many companies use the same method to check identities.

> Origin have a security loophole. My teammate's BF3 was hacked by a website that hacks accounts with a program rather than knowing your login data.

Hacked by a website that hacks accounts. Gee, I wonder what they were doing on this website? Sounds like one of those "FREE ORIGIN GAMES" or "RANK UP IN BF3 AUTOMATICALLY" scam websites and they fell for it.
 
Oct 21, 2010
2,559
0
0
#22
> yeah that shitty if they don't tell you that it will be used for account recovery. It is the same as using precision adress. , . ; all that things are fucking stupid. If someone stole your password you birth date also could be changed already same as almost any other information.
>
> So "smh" dude
>
> I was in same position as him with my first US account after PSN fiasco.

Lol wut?

1 - EA need to prove your identity to ensure you are correct account owner

2 - DOB is easiest way of doing this. Entered a bogus DOB? Fail

3 - If the address wasn't a "precision adress" (sic) ie - you had it slightly incorrect, I am sure they would be able to establish you were the correct owner by the information you were able to provide about the account. Regardless, address is not a recognised way of proving identity as someone's address information is a lot more public domain than their DOB (usually DOB in conjunction with some other information that only you would know, such as payment methods, secret word etc)

4 - If someone stole your password and changed your DOB do you not think that would be visible to the customer service rep who would be able to tell what your original DOB was?

Essentially, for someone to lose access to their account here they have to have a) visited a dodgy website and downloaded some malware to perform some such "function"; b) not given a legitimate date of birth on registration. There are many, many things that EA can quite rightfully be called out on, but there is no way on earth that EA should be taking the hit for end-user stupidity.
 
Jul 26, 2004
38,258
2
1,320
Geelong, Australia
www.shaneus.com
#23
Which one of those would I fall into? My DOB certainly wasn't fake on registration (I don't know how that would lead to an account being compromised anyway, even if it's fake it's still essentially a random number) and I assure you I haven't logged into any even remotely suspicious websites that use the same login I used for Origin.

The fact that there are so many cases that have popped up within the space of a few days indicates that there's something inherently wrong with EA's security surrounding accounts, not the users.

But hey, feel free to blame the end-user on this. I'm sure they all *adore* hearing how stupid they are right after they lost access to potentially hundreds of dollars worth of games.
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
Feb 14, 2009
56,116
0
800
#24
Nope. Had mine hacked this summer by a Russian kid. Yes, it royally sucks to call Origin to get your account back.
 

Stumpokapow

listen to the mad man
May 21, 2006
17,232
3
0
#26
> Essentially, for someone to lose access to their account here they have to have a) visited a dodgy website and downloaded some malware to perform some such "function"; b) not given a legitimate date of birth on registration. There are many, many things that EA can quite rightfully be called out on, but there is no way on earth that EA should be taking the hit for end-user stupidity.

As has already been said in this thread, EA has merged in several account databases over the years, including accounts that do not have DOBs.
 
Nov 27, 2007
3,518
0
0
#31
If I'm remembering correctly, some of the accounts they merged into their system didn't have birth dates on record.
Or it was a crappy throwaway account that EA forced you to make just to play multiplayer on console so you just put in whatever you could enter fastest... and then EA turned it into a full blown EA/Origin account later on without even asking.
 
Jul 26, 2004
38,258
2
1,320
Geelong, Australia
www.shaneus.com
#32
Well, looking up that email address used in Origin has brought up this little cunt's profile:


For some reason, it looks like the support case I created has completely disappeared (or I'm just not looking in the right support area, their support/feedback area is a fucking mess) so I'm going to create another case and put in the existing case's reference number.

What a fucking joke.
 
Mar 21, 2010
3,550
0
0
Belgium, Ghent
#33
> So you didn't put your correct date of birth in, meaning that they can't identify you and it's EA's fault?
>
> *smh*

As far as I can remember I put in my real date of birth like I do with all my accounts, I must have made a little mistake.

And having only 1 way to ensure it is that person's account is fucking retarded.
They basically said I was never getting it back despite having the email, account personas, receipts, the visa number I used and the redeem codes for my games.

go shake your head some more, it is fucking stupid.
 
Apr 24, 2012
1,245
0
0
UK
#34
Holy sh*t I just got one of these emails.... and lo and behold, tried logging into Origin and it no longer works!

Godamnit! F**king scumbag haxk0rs!

So what is the fastest way to get this sorted? Is there a UK phone number I can ring?
 
Aug 27, 2009
8,704
0
720
#35
Shit like this makes me want to stop gaming. Every other week someone is getting hacked. I just want to play games. Not log in to 30 different servers just to get a game.
 

Stallion Free

Cock Encumbered
Jan 21, 2009
29,933
0
0
Connecticut, U.S.
steamcommunity.com
#37
Shit like this scares me. I couldn't imagine losing my Steam account to a hacker.
Thank god for Steam Guard. It allowed me to stop worrying about my little brother with his Steam account (he got it stolen once prior to Steam Guard). I just had to make sure he used different passwords for his Steam and e-mail lol.
 

RionaaM

Unconfirmed Member
Jul 6, 2012
14,850
0
0
#38
This is outrageous. I demand more free games to ease me.

I hope they haven't stolen any CC number. Shame on EA for having a system with bad security measures.
 
May 26, 2012
9,547
0
0
#39
> Origin have a security loophole. My teammate's BF3 was hacked by a website that hacks accounts with a program rather than knowing your login data.

Or your friends use predictable/the same passwords for everything they have. That is usually the case of when game accounts get compromised, I learned the hard way with Guild Wars 2 and now I use lastpass for everything now.
 
Jun 7, 2010
8,533
0
0
Guns Capital
#42
It's amazing how stupid EA is in some ways compared to Valve while intelligent in others. Valve can't grasp the concept of me deleting Steam cloud data easily. You have to fuck around with desyncing and then deleting folders named random gibberish of numbers. EA just has a single button you press. A single damn button.

Yet here we are where EA can't make a proper system to retrieve stolen accounts or secure them in a redundant fashion.
 
Apr 24, 2012
1,245
0
0
UK
#43
Just got off the phone with EA support, have access back to my account again now... what a pain in the ass, it had been hacked by somebody and renamed to "stainlessup2" whatever the fuck that is.

Mother f**kers.

Have spent the last 30 mins changing all my passwords everywhere I can think of =0)

EDIT - just spoke to one of my friends, and completely coincidentally they were hacked today as well. I have also noticed a few posts on the official EA forums about it, so something went down today for sure.
 
May 26, 2012
9,547
0
0
#44
> Just got off the phone with EA support, have access back to my account again now... what a pain in the ass, it had been hacked by somebody and renamed to "stainlessup2" whatever the fuck that is.
>
> Mother f**kers.
>
> Have spent the last 30 mins changing all my passwords everywhere I can think of =0)
>
> EDIT - just spoke to one of my friends, and completely coincidentally they were hacked today as well. I have also noticed a few posts on the official EA forums about it, so something went down today for sure.

Use lastpass man, makes using different passwords a breeze.
 

Bisnic

Really Really Exciting Member!
Dec 5, 2008
21,749
0
0
Tuchanka
#45
> Holy sh*t I just got one of these emails.... and lo and behold, tried logging into Origin and it no longer works!
>
> Godamnit! F**king scumbag haxk0rs!
>
> So what is the fastest way to get this sorted? Is there a UK phone number I can ring?

The way you wrote that post, it's like you got the email and clicked on the link in it that gave you whatever malware that stole your account before posting here.

Please tell me that I'm wrong.