Many Origin accounts are being hijacked, EA offers no explanation

By on November 14, 2012, 2:30 PM

If you have an Origin account, you may want to change your password. Scattered reports from gamers including Eurogamer's Richard Leadbetter indicate that EA may have suffered a security breach. Affected users claim to have received an email from Origin confirming the successful change of their account's email address or password (or both) -- except, of course, the account owners didn't make those changes.

It's unclear how widespread the issue is, but a post on NeoGAF has compiled a list of recent threads created about the topic on EA's forum. Although EA has responded to Eurogamer's report, it mostly beat around the bush, citing its various support avenues and "robust security measures" that are "constantly upgraded." The company didn't acknowledge that the recent compromises may stem from an internal breach.

Many affected users insist that they used complex passwords and that their systems aren't infected with a keylogger or any other malware, so they're convinced that their credentials must have been leaked on EA's end. Adding to the frustration, once an account is hijacked, most of its profile information is altered (including the Origin ID) to erase the identity of its original owner, making it tricky to recover with EA's policies.

Automated online recovery methods generally require access to the email address listed on the account, but that information has been changed in most cases, so the only recourse is phone support. Also, when an Origin account's email address is changed, the service sends a notification to the previous address, but it doesn’t say what the new address is, which makes it harder to help phone support locate your account.

Even after defeating those obstacles, you may not be able to get your account back. According to many reports, EA's support requires your date of birth as part of its security protocol. This shouldn't be a problem, but a lot of people submit bogus birth dates when registering on sites and there's little chance of remembering such a random selection. Some users also suggest that the hackers may be changing birth dates.

If all else fails, you may be able to recover the account if it's bound to another service, such as Xbox Live. Having your account stolen is a bummer, but you can at least be fairly sure that your credit card data is safeish. When Origin stores credit card info, it doesn't keep the three-digit CSS code and it only displays the last four digits of the card number. We're not sure if they'd be able to buy games on your account, however.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.