Hill Climb Racing 2 Industrial Deals Beauty Little FIres Everywhere Shop new men's suiting nav_sap_hiltonhonors_launch Learn more about Amazon Music Unlimited PCB for Musical Instruments Starting at $39.99 Grocery Handmade Tote Bags Book a house cleaner for 2 or more hours on Amazon Transparent Transparent Transparent  Introducing Echo Show Introducing All-New Fire HD 10 with Alexa hands-free $149.99 Kindle Oasis, unlike any Kindle you've ever held AutoRip in CDs & Vinyl Tailgating FFII_gno
Customer Discussions > Video Games forum

Origin Accounts Hacked

Sort: Oldest first | Newest first
Showing 1-15 of 15 posts in this discussion
Initial post: Nov 14, 2012, 6:10:00 AM PST

Origin Accounts Hacked - Maybe Change Your Password

By John Walker on November 14th, 2012 at 1:00 pm.Tweet this

Uh-oh. Eurogamer are reporting that a number of people have woken up this morning to find that their EA Origin account has been hacked. Receiving emails telling them that changes have successfully been made, recipients are not too delighted since they never asked for any. And then of course getting control of their accounts back again is a great big palava. It's even happened to one of Eurogamer's own.

Rather than the phishing scam it might at first appear to be, these really are successfully changed account notifications. Which means someone has got hold of both a username and password of an account holder, and been able to circumnavigate the security that prevents an outsider being able to change such details. Because, as is mostly the norm, there isn't any. I've just loaded my own Origin account, and when logged in all I need to do to change the password is know the old one. That done, the original account holder is locked out. Fairly standard, obviously.

And because your Origin account details are the same as those for your EA profile, with the same info you can log into profile.ea.com and change the email address too. The only security check to do that is, obviously, to enter the same password again. Doing this sends an email to your previously registered address, but contains absolutely no information about what it's been changed to. So once someone's been in and changed the details, you've no way of knowing what they've changed both your email address nor password to. They've got complete control of your account, and with that can even change your Origin ID.

Using this account to then buy games isn't immediately possible, however. While Origin stores credit card information, it doesn't store the three digit CSS code, making it have a practical application for the first time ever. And many banks now have that added layer of security requiring yet another password. So it's unlikely they'll be able to go on any sprees, and your card number is obscured other than the last four digits. However, what IS on full display is your home address.

A thread on NeoGAF reveals that this has been happening to a lot of people, over the last few days, and also that EA has not been too impressive in responding. However, one person reports a clever trick for at least finding out some of the email address of the person who's nicked your account - resetting your EA account using a linked account, such as Xbox Live, rewards you with a message saying that an email has been dispatched, and to which domain. Then logging on to the associated XBL account, and downloading EA Sports' app, the full email address was revealed.

EA assures Eurogamer that they are "escalating the matter", but more details have yet to appear. So really the larger concern here is: how were email addresses and passwords of multiple accounts obtained? While very many online games and stores are getting hacked of late, passwords tend to be pretty well protected, and people are usually notified to change them after such an attack. Hopefully EA will be back with some answers soon. Meanwhile, it seems prudent to go change your Origin/EA account password now, just in case.

Posted on Nov 14, 2012, 6:12:03 AM PST
Last edited by the author on Nov 14, 2012, 6:13:20 AM PST
MrFoxhound says:
For once, my stubborn, blind, unrealistic hatred for something pays off.

Posted on Nov 14, 2012, 6:12:47 AM PST

Thanks for the info Capt K.

Posted on Nov 14, 2012, 6:15:58 AM PST
klopas says:
Security for all of these client services - Steam, LIVE, PSN, Origin, etc etc., needs a severe overhaul. I'm not a huge fan of the authenticator, but that seems like a secure way of preventing unauthorized access.

Then again, people still use the same password for every single thing they sign up for on the internets.

In reply to an earlier post on Nov 14, 2012, 6:21:47 AM PST
Steam isn't too bad if you use their extended security options. If you have different passwords for your email and for steam, others can't log into your account unless they have the authentication codes they email you.

Posted on Nov 14, 2012, 6:38:37 AM PST
Last edited by the author on Nov 14, 2012, 6:39:04 AM PST
McAwesomeo says:
Oddly enough the "forgot password" link appears not to be working at the moment.

Edit: I take that back, it worked and finally sent a reset link after the 6th attempt.

In reply to an earlier post on Nov 14, 2012, 6:47:51 AM PST
Server load, hehe.

In reply to an earlier post on Nov 14, 2012, 6:51:18 AM PST
McAwesomeo says:
Wouldn't have been an issue but I took home my USB storage where I keep a backup copy of keepass. Usually I keep that at work and only take it home to update it.

In reply to an earlier post on Nov 14, 2012, 6:52:35 AM PST
[Deleted by Amazon on Aug 22, 2013, 5:32:54 PM PDT]

In reply to an earlier post on Nov 14, 2012, 6:55:17 AM PST
[Deleted by Amazon on Nov 14, 2012, 6:57:12 AM PST]

Posted on Nov 14, 2012, 7:08:21 AM PST
password changed

Posted on Nov 14, 2012, 7:09:45 AM PST
now, how to remember new password?

In reply to an earlier post on Nov 14, 2012, 7:10:42 AM PST
McAwesomeo says:
Wow. They deleted mine but not yours, despite the fact that we used the same word. Way to be consistent Amazon.

In reply to an earlier post on Nov 14, 2012, 7:18:53 AM PST
They have something against us...

Posted on Nov 14, 2012, 7:46:41 AM PST
Well it looks like my account is still safe, not that there is much on there in way of credit card information or even my real information unless they want to know what fake address I made up while deployed lol.

I might have been heart broken if I lost the games that EA gave me for free.
‹ Previous 1 Next ›
[Add comment]
Add your own message to the discussion
To insert a product link use the format: [[ASIN:ASIN product-title]] (What's this?)
Prompts for sign-in

Recent discussions in the Video Games forum


This discussion

Discussion in:  Video Games forum
Participants:  8
Total posts:  15
Initial post:  Nov 14, 2012
Latest post:  Nov 14, 2012

New! Receive e-mail when new posts are made.