Truck Month Textbook Trade In Amazon Fashion Learn more nav_sap_cbcc_7_fly_beacon The Jayhawks Fire TV with 4k Ultra HD Beauty Mother's Day Gifts Amazon Gift Card Offer ctstrph2 ctstrph2 ctstrph2  Amazon Echo  Echo Dot  Amazon Tap  Echo Dot  Amazon Tap  Amazon Echo Fire, Only $39.99 Kindle Paperwhite UniOrlando Shop Now SnS
Customer Discussions > Video Games forum

Origin Accounts Hacked

Sort: Oldest first | Newest first
Showing 1-15 of 15 posts in this discussion
Initial post: Nov 14, 2012 6:10:00 AM PST

Origin Accounts Hacked - Maybe Change Your Password

By John Walker on November 14th, 2012 at 1:00 pm.Tweet this

Uh-oh. Eurogamer are reporting that a number of people have woken up this morning to find that their EA Origin account has been hacked. Receiving emails telling them that changes have successfully been made, recipients are not too delighted since they never asked for any. And then of course getting control of their accounts back again is a great big palava. It's even happened to one of Eurogamer's own.

Rather than the phishing scam it might at first appear to be, these really are successfully changed account notifications. Which means someone has got hold of both a username and password of an account holder, and been able to circumnavigate the security that prevents an outsider being able to change such details. Because, as is mostly the norm, there isn't any. I've just loaded my own Origin account, and when logged in all I need to do to change the password is know the old one. That done, the original account holder is locked out. Fairly standard, obviously.

And because your Origin account details are the same as those for your EA profile, with the same info you can log into and change the email address too. The only security check to do that is, obviously, to enter the same password again. Doing this sends an email to your previously registered address, but contains absolutely no information about what it's been changed to. So once someone's been in and changed the details, you've no way of knowing what they've changed both your email address nor password to. They've got complete control of your account, and with that can even change your Origin ID.

Using this account to then buy games isn't immediately possible, however. While Origin stores credit card information, it doesn't store the three digit CSS code, making it have a practical application for the first time ever. And many banks now have that added layer of security requiring yet another password. So it's unlikely they'll be able to go on any sprees, and your card number is obscured other than the last four digits. However, what IS on full display is your home address.

A thread on NeoGAF reveals that this has been happening to a lot of people, over the last few days, and also that EA has not been too impressive in responding. However, one person reports a clever trick for at least finding out some of the email address of the person who's nicked your account - resetting your EA account using a linked account, such as Xbox Live, rewards you with a message saying that an email has been dispatched, and to which domain. Then logging on to the associated XBL account, and downloading EA Sports' app, the full email address was revealed.

EA assures Eurogamer that they are "escalating the matter", but more details have yet to appear. So really the larger concern here is: how were email addresses and passwords of multiple accounts obtained? While very many online games and stores are getting hacked of late, passwords tend to be pretty well protected, and people are usually notified to change them after such an attack. Hopefully EA will be back with some answers soon. Meanwhile, it seems prudent to go change your Origin/EA account password now, just in case.

Posted on Nov 14, 2012 6:12:03 AM PST
Last edited by the author on Nov 14, 2012 6:13:20 AM PST
MrFoxhound says:
For once, my stubborn, blind, unrealistic hatred for something pays off.

Posted on Nov 14, 2012 6:12:47 AM PST

Thanks for the info Capt K.

Posted on Nov 14, 2012 6:15:58 AM PST
klopas says:
Security for all of these client services - Steam, LIVE, PSN, Origin, etc etc., needs a severe overhaul. I'm not a huge fan of the authenticator, but that seems like a secure way of preventing unauthorized access.

Then again, people still use the same password for every single thing they sign up for on the internets.

In reply to an earlier post on Nov 14, 2012 6:21:47 AM PST
Steam isn't too bad if you use their extended security options. If you have different passwords for your email and for steam, others can't log into your account unless they have the authentication codes they email you.

Posted on Nov 14, 2012 6:38:37 AM PST
Last edited by the author on Nov 14, 2012 6:39:04 AM PST
McAwesomeo says:
Oddly enough the "forgot password" link appears not to be working at the moment.

Edit: I take that back, it worked and finally sent a reset link after the 6th attempt.

In reply to an earlier post on Nov 14, 2012 6:47:51 AM PST
Server load, hehe.

In reply to an earlier post on Nov 14, 2012 6:51:18 AM PST
McAwesomeo says:
Wouldn't have been an issue but I took home my USB storage where I keep a backup copy of keepass. Usually I keep that at work and only take it home to update it.

In reply to an earlier post on Nov 14, 2012 6:52:35 AM PST
[Deleted by Amazon on Aug 22, 2013 5:32:54 PM PDT]

In reply to an earlier post on Nov 14, 2012 6:55:17 AM PST
[Deleted by Amazon on Nov 14, 2012 6:57:12 AM PST]

Posted on Nov 14, 2012 7:08:21 AM PST
password changed

Posted on Nov 14, 2012 7:09:45 AM PST
now, how to remember new password?

In reply to an earlier post on Nov 14, 2012 7:10:42 AM PST
McAwesomeo says:
Wow. They deleted mine but not yours, despite the fact that we used the same word. Way to be consistent Amazon.

In reply to an earlier post on Nov 14, 2012 7:18:53 AM PST
They have something against us...

Posted on Nov 14, 2012 7:46:41 AM PST
Well it looks like my account is still safe, not that there is much on there in way of credit card information or even my real information unless they want to know what fake address I made up while deployed lol.

I might have been heart broken if I lost the games that EA gave me for free.
‹ Previous 1 Next ›
[Add comment]
Add your own message to the discussion
To insert a product link use the format: [[ASIN:ASIN product-title]] (What's this?)
Prompts for sign-in

Recent discussions in the Video Games forum

  Discussion Replies Latest Post
OT: What does not being on Facebook mean to you? 17 2 minutes ago
I can't wait for the NX! I wanna see how bad it gets outsold by the PS4. 11 5 minutes ago
OT: This Is The Hoverboard We've All Been Dreaming Of! 5 13 minutes ago
OT: Department of Homeland Security Warns Windows Users to Uninstall QuickTime ASAP 34 14 minutes ago
Corpse Party: Back to School Edition - Nintendo 3DS (Thoughts on the 2nd remake, anyone?) 3 15 minutes ago
Event Pokemon Currently and Future 0 35 minutes ago
OT: WWE Superstar Chyna passes away at 45 37 2 hours ago
12 Games in 12 Months 2016-2017 edition 26 2 hours ago
Should I get a PS4 or Xbox One? 49 3 hours ago
playstation 4 *sony fix these issues* 91 3 hours ago
Dark Souls III Community Help Thread - **Expect Spoilers** 1592 4 hours ago
OT: 2016 NBA Playoffs! 154 4 hours ago

This discussion

Discussion in:  Video Games forum
Participants:  8
Total posts:  15
Initial post:  Nov 14, 2012
Latest post:  Nov 14, 2012

New! Receive e-mail when new posts are made.

Search Customer Discussions