Some Origin users are having their accounts hacked

All of EA’s hard work to make Origin comparable to Steam seems to paying off—but, at least this week, not quite in the way some users might like. Eurogamer reports that some EA Origin users, including one of Eurogamer’s own writers, have had their accounts hijacked over the past couple of days.

Richard Leadbetter, who writes for the site’s Digital Foundry section, apparently received an unprompted e-mail from Origin notifying him of a successful password change. A thread on the NeoGAF forums shows a number of other users have received similar notifications about password and e-mail address changes. None of those folks requested the changes themselves, of course.

After a little poking around, the user who started the NeoGAF thread found that his account had become tied to a Russian e-mail address. In his case, EA support was eventually able to straighten everything out. His initial post has links to quite a few threads on the official EA forums describing similar problems. Eurogamer says it’s still waiting on an official response from the Origin team. Meanwhile, Leadbetter is reportedly still waiting to hear back from EA’s support staff, who told him they’re “escalating” the issue.

Update: EA has responded to Eurogamer, but not with anything terribly helpful. The response is a boilerplate message that advises users to contact Origin Help if they’re having issues. It adds, “The robust security measures in place to protect Origin users accounts are constantly being expanded and upgraded, and we also strongly recommend customers take the protective steps of using strong passwords and changing passwords often.”

Comments closed
    • Berzerk101
    • 8 years ago

    My account was hacked too on the first week of September. Curiously 2 days after my Origin account was hacked, I had illegal purchases made on my credit card….the same used to buy BF3 on Origin….

    • ShadowTiger
    • 8 years ago

    Changing passwords often reduces security since people are forced to come up with multiple easy to remember passwords. (Or just get frustrated and stop changing it).

    Better to recommend they don’t share the same password/email combo with other sites, which could get hacked even if Origin is perfectly secure.

    Security isn’t a common sense issue, you can’t just regurgitate what you heard someone else say once.

    • squeeb
    • 8 years ago

    They badly need a 2step system in place.

    • l33t-g4m3r
    • 8 years ago

    Anybody still want to vouch for Origin? It would really be nice if I could buy BF3 and not use that service, but it won’t happen until people stop buying things off Origin.

      • Ryu Connor
      • 8 years ago

      Sure, I will.

      It’s a reasonable platform. Still not full featured as Steam, but it does what it intends to do well enough.

      Their US phone support is [url=https://techreport.com/forums/viewtopic.php?f=12&t=84168<]rather fantastic[/url<]. Their web based support is outsourced and only passable, but it's still a better avenue than the mess that is Steam support. Until we have more details there's nothing yet to prove this is a failing of Origin's defenses. It is far more likely a failing of the users. If it is the failing of Origin's defenses they'll join rather vaunted company that includes Steam and Blizzard.

        • l33t-g4m3r
        • 8 years ago

        Is it reasonable like impulse used to be, or is it reasonable because that’s the only way to play BF3? Selling out isn’t a legitimate basis for use, that’s just selling out, and selling out ruins things for the rest of us.

          • Ryu Connor
          • 8 years ago

          I went ahead and ported all my EA games from Steam over to Origin.

          I liked that it gave that option. If I want to play it on Steam I can, if I want Origin I can.

          For a number of titles they presented some simple value add options. The [i<]Mass Effect[/i<] series and the [i<]Dead Space[/i<] series gained cloud support. This was a nice addition as it allowed me to have synchronized saves between my desktop and laptop without having to drag folders back and forth. So reasonable as in it gets the job done, not because it is an only choice. I'm waiting for it to expand the feature set further. I'd like for them to improve the overlay (it can be quirky at times) and I'd like to see a better backup mechanism (it has one, but it's very roughshod). EA seems rather vested into this. So it'll start matching Steam feature for feature soon I presume.

      • Airmantharp
      • 8 years ago

      If you’re waiting to get BF3 outside of Origin, you’re never playing the game. Or any other EA game.

      May be fine with you, but I’ve become a fan of DICE and Bioware; and I haven’t had any real trouble with Origin. At worst, I’ve been forced to do a password change lately, but it seemed that everyone in my community accessing it at the same time had that problem.

    • Thanato
    • 8 years ago

    My account got hacked no more BF3 for me. Origin support looked into it and told me it was hacked, but the crux of their security is the account holders birth date. Which for me was a random date so I’m out of luck atm. Though I never got an email stating my account was changed I wasn’t so lucky. Their support system good, easy to access, the people I talked with where at there best to be helpful. But damn I have a physical copy of the game and it mean nothin to em. After this there is no way I would trust Origin with a huge collection of games on one account, unless they made some huge changes in their security.

    • syndicatedragon
    • 8 years ago

    The big issue is that apparently you can change the password and email address of an account with just a password and without any sort of secondary verification. People are getting emails saying “oh, btw, your password/email address changed” and that’s it, their account is gone. Pretty lame, especially considering that Steam has had “Steam Guard” for a long time now which would have stopped this kind of attack cold.

      • Thanato
      • 8 years ago

      There’s nothing to stop the change in an account from being in inside job with out proper notification in my opinion.

        • SHOES
        • 8 years ago

        What does that even mean?!

          • Thanato
          • 8 years ago

          It’s just crazy speculation. Since I had my account stolen, I was told by Origin it was hacked, but I didn’t remember the birthdate that I entered into my account so I’m out of luck. They told me it was hacked, they told me they could see that the account email address changed many time very recently (somewhere in Germany), yet even after telling me that they couldn’t help me. So I have to buy the game again. So this is upsetting, because their security is so weak, I was never told my birthdate was my “secret question” creating my account, what is there to stop me from thinking it wasn’t an inside job.

            • Deanjo
            • 8 years ago

            What is sad is that you can’t even remember your birthdate.

            • Thanato
            • 8 years ago

            lol. not the one i entered on that account.

            • Deanjo
            • 8 years ago

            Didn’t realize that you could have more then one.

            • Thanato
            • 8 years ago

            for real? relax and breath. unless I’m told it’s for security reasons it’s just a question asking if your old enough, or to collect data on a user-base which isn’t always anybodies business.

            • odizzido
            • 8 years ago

            I never enter my birthday either. I just use the default month/day and select the lowest year possible, usually around 1900-1920.

            • Airmantharp
            • 8 years ago

            Wonder if that gets you more AARP ads in-game?

            (not that I’ve seen a real, live in-game add, but hey)

    • anotherengineer
    • 8 years ago

    found that his account had become tied to a Russian e-mail address

    russians

    • south side sammy
    • 8 years ago

    another reason not to have to have an internet connection in order to play a lousy game.

    • Deanjo
    • 8 years ago

    And Adobe gets hacked as well…..

    [url<]http://www.theinquirer.net/inquirer/news/2224883/hacker-boasts-of-adobe-data-breach?WT.rss_f=Home&WT.rss_a=Hacker+boasts+of+Adobe+data+breach+[/url<]

    • Arclight
    • 8 years ago

    I wouldn’t criticize Origin for being hacked, since higher profile websites or digital distribution platforms have been hacked. I’d critique them if they don’t take actions and hacking continues without any end in sight (remember the Playstation network back when it was hacked and forced to shut down for a month or so?).

    Sure everything is hackable but i think you should look at it in from an economic POV: make the hacker need stuff that way too expensive to justify the benefits of hacking some random gamer accounts and the hacking should stop. If it’s too easy and it requires minimum know-how and hardware ofc the hackers will keep at it…..

      • bcronce
      • 8 years ago

      Over-all I agree with you, but it is quite the blanket statement to say that everything is hackable.

      Hacking something requires taking advantage of a poorly implemented feature or a bug. It is possible to make something with perfect features and bug free.

      That being said, I fully agree that getting hacked doesn’t mean you’re “bad”, it’s about having a properly designed system and having a contingency plan to handle crap hitting the fan. Mistakes will happen, but they shouldn’t happen because of professional negligence and the problems should be handled swiftly and elegantly.

      Your average case is that you will get hacked at some point and one should plan for this and be ready to open communications with the end user to get things back in working order.

    • Silus
    • 8 years ago

    In this day and age, anything can be hacked with know-how, time and computing power.

    Steam has been hacked as well in the past, with credit card info compromised:

    [url<]http://www.gamasutra.com/view/news/128163/Steam_Accounts_Hacked_Credit_Card_Info_Obtained.php[/url<]

    • indeego
    • 8 years ago

    Geez, now I have to look up whether I even still have an EA account, and it was tied to origin or not. le sigh. le firstworldproblem meme goes here too.

    • Ryu Connor
    • 8 years ago

    [url=http://www.keepass.info<]KeePass[/url<] Hopefully Origin/EA adds a second factor of authentication at some point.

      • Glix
      • 8 years ago

      And that will help how?

      All of these *security* systems fail at their weakest link.

      Origin/EA: security fails if hacker gets access to your email.
      Steam: security fails if hacker gets access to your email.

      Even my banks various security methods are bound to fail when the trojans/keyloggers/hardwareemu hackers catch up.

      There isn’t a lot that can be done either, spoofing makes limiting logins inconvenient and keyfobs can be emulated. Adding more layers of things to click or type doesn’t make a difference when keyloggers are built to cope with them.

      🙁

        • Ryu Connor
        • 8 years ago

        You don’t give up on the concept of security just because a system could be compromised.

        For that matter implementing defense in depth is precisely the method one uses to help mitigate the weak points of a security scheme.

        Each of the items you listed have an available system, be they an out of bounds authentication system, or an alternative authentication mechansim (something you have, something you are) that can mitigate the compromise.

        • indeego
        • 8 years ago

        Keyloggers/owned hardware are rare, and if you have one there really is nothing you could ever do realistically anyway, whomever wanted your data already has local access and pwn3d you pretty hard regardless.

        Keepass has nothing to click, memory is encrypted, and keyfobs use known encryption methods. If you always have your keys on you and protected, you are pretty damn safe.

Pin It on Pinterest

Share This