Origin Hacked, check your emails..

[Emil Ispep]

Hey there, just checked my email a few minutes ago, and I have 4 unauthorized purchases from the store that went through on the 27th...

-tried calling my CC company, but since its new years eve, theyre closed... cant talk to a live person.

-cant log into my origin/mythic account because it looks like whoever did the hack changed the password.

-cant navigate EA/origins page for the life of me, plus i think theyd be closed as well... they ask you to log in, but if you cant... well yea lol.

Ill give it a shot friday or saturday. Check your emails and see if you got anything too. I actually changed my pw for mythic a few weeks ago when i heard that they havd been hacked... but guess it didnt work.

wonder why i still pay money to this game =/

 

[Lythos-]

Nothing out of the ordinary for me but I also don't save any card or personal information on the internet.

Did you mean someone changed your pass to the Origin store AND account management or just to Origin?

 

[Emil Ispep]

Looks like both... cant get into either one. The pw reset option doesnt work either... says "an error has occured" which makes me wonder if my account is "frozen" while they investigate. Looking at my cc, the charges still show pending.

*edit

I do have my 2 accounts set up for monthly cycles on my cc, so its saved

 

[NBG]

There was instance of Fake Origin store's login page that allowed hackers get your login information when you log in through that fake page. EA server was tricked into hosting that login page apparently....

This might be how you got hacked.

 

[Kayhynn]

See this post here: http://community.stratics.com/threads/be-sure-to-check-your-origin-accounts.328381/#post-2487934

PC Gamer posted an article on it yesterday, almost a month after the first attempt on my account.

 

[MalagAste]

This is a known issue and for some stupid reason Origin chooses to ignore it... maybe it'll go away.... but I know of no less than 10 people that have had the same thing happen in the last 2 months... I posted about it on the forums previously that folk need to remove ALL CC information from Origin! But we players can only do so much... not everyone reads stratics and not everyone pays attention to all the threads.

Sadly it's a fact that many have been had over this.... not really cool and honestly Origin should do the responsible thing and send out an alert email to users warning them that their system may be insecure... but they won't. Sorry you got taken.... hope it gets resolved soon.

 

[FrejaSP]

Some players are lazy and use easy passwords and same login and password to several places.
Also some let windows remember the password, don't do that.
If you look under setting, you can make it harder for hackers, don't allow them to search you and don't show real name and email and don't use Facebook or something like that to login.
Also I would make a special email for your account, if they do not know your email, it's much harder to hack you. And don't use same password for your email as for your account.

 

[MalagAste]

Some players are lazy and use easy passwords and same login and password to several places.
Also some let windows remember the password, don't do that.
If you look under setting, you can make it harder for hackers, don't allow them to search you and don't show real name and email and don't use Facebook or something like that to login.
Also I would make a special email for your account, if they do not know your email, it's much harder to hack you. And don't use same password for your email as for your account.

Exactly. I've always ..... ALWAYS used a separate email for my accounts.... and NEVER post that email anywhere! NEVER. It is for my accounts and that's it. And always use unique passwords. I had a friend who while old always used the same log-in name and password everywhere... NOT a good idea! I scolded him for that! Anything I need to use money for gets special treatment. Accounts, banking, paypal any of that... always gets a special and extremely unique everything... And I don't keep that information anywhere but in my own head. My bank knows me and they know what I buy..... but the do NOT allow any foreign transactions.... which I'll say most of the hackings have been buying things with Korean origins.... so don't know what is up with that. But my bank would not allow that.

But it's good to keep yourself safe.... and don't leave a trail on the internet.

 

[THP]

but the problem is.....and ive read this so many times...

only 1% of UO players read stratics....[really???]

 

[Emil Ispep]

There was instance of Fake Origin store's login page that allowed hackers get your login information when you log in through that fake page. EA server was tricked into hosting that login page apparently....

This might be how you got hacked.

Yea I wonder... I read the post a few weeks ago about changing the password, and I did... but i guess i still got hacked. I shot Mesanna an email about being locked out of my mythic/origin accounts... hopefully she can do something for me. Otherwise, gotta wait til friday to get in touch with Origin and my CC.

Im not so worried about the charges.. those can always be disputed and taken away.. they are still showing up as pending. I do however want to get into my account and remove the saved CC info, and switch to gametime codes.

 

[JC the Builder]

Origin security is garbage and it doesn't matter what security precautions you take at this point. They are getting hacked over and over. The reddit Origin section is a sea of posts about the recent hackings: http://www.reddit.com/r/origin/

Just be glad hackers are not after UO accounts anymore. It is all about football.

 

[Emil Ispep]

Origin security is garbage and it doesn't matter what security precautions you take at this point. They are getting hacked over and over. The reddit Origin section is a sea of posts about the recent hackings: http://www.reddit.com/r/origin/

Just be glad hackers are not after UO accounts anymore. It is all about football.

Haha.

Just tried resetting my Origin pw again, and it still doesnt work.. so im thinking Origin has the account frozen until i can get in touch with them to straighten things out.

 

[Fridgster]

If they (hackers) gained any kind of write access to the server origin is screwed and i wouldnt trust my info there. Once a hacker gains write access they will upload scripts to maintain access even after the security hole is closed.

 

[Emil Ispep]

Well, got everything straightened out. Talked to an EA advisor through a chat window for an hour. He was able to send me links to reset my Origin and Mythic passwords. Also said that the 4 fraudulent transactions didnt go through.

I think just to be on the safe side, im going to remove any saved billing info, and switch to game time codes... provided they work from the store. Been reading that people are having trouble redeeming codes recently.

Any advice?

 

[Lythos-]

Well, got everything straightened out. Talked to an EA advisor through a chat window for an hour. He was able to send me links to reset my Origin and Mythic passwords. Also said that the 4 fraudulent transactions didnt go through.

I think just to be on the safe side, im going to remove any saved billing info, and switch to game time codes... provided they work from the store. Been reading that people are having trouble redeeming codes recently.

Any advice?

Just bought and applied 2 GTC yesterday No problems at all.

 

[Emil Ispep]

Sweet deal =). Think ill still get a new CC issued too haha.

 

[Lythos-]

Sweet deal =). Think ill still get a new CC issued too haha.

I wouldn't go that far just yet. I believe it's a federal law that you're not responsible for any unauthorized charges on your credit card so I'd wait and see if anymore charges come up first.

If it were your bank card then...yikes.

 

[Flagg]

There has been a good amount of reports about this happening to Origin users. EA claims they have not noticed getting hacked. Yet, tons of people(Not UO players, Origin users.) are reporting various suspicious activity happening to their Origin account. Unauthorized purchases etc.
Time to change passwords and all that once more. Time when I kept more than token sum of cash on bank account with credit card is long gone.


Also, Origin has an option for a two step verification. It is off by default because EA doesn't like you. Put it on!! Go to Origin, log in, go to your own account settings. Security etc, and look into " two step verification".

On a more positive note, change that the hackers give a ****/know about Ultima Online or your UO characters is around 0%.

 

[Lythos-]

On a positive note, change that the hackers give a ****/know about Ultima Online or your UO characters is around 0%.

They probably do and feel so sorry we're stuck in 1997 that they're trying to get us to upgrade to newer games.

 

[Emil Ispep]

I wouldn't go that far just yet. I believe it's a federal law that you're not responsible for any unauthorized charges on your credit card so I'd wait and see if anymore charges come up first.

If it were your bank card then...yikes.

Hehe, no no no on using the bank card... nooo way.

CC you can dispute and get taken away; debit... your screwed.

Between this Origin hack, the Home Depot hack, the Playstation network... probably a few others that havent been figured out yet... ill just get a new one. Was thinking about a new CC altogether... do a balance transfer, and get the 0% APR for a year on something =/.

 

[Basara]

CC you can dispute and get taken away; debit... your screwed.

Depends on your bank. My late brother the drug addict stole mom's debit card information a couple times, and used it to call Western Union and wire money to himself (giving the sender as my late father!), and her bank refunded her money both times.

 

[MalagAste]

Depends on your bank. My late brother the drug addict stole mom's debit card information a couple times, and used it to call Western Union and wire money to himself (giving the sender as my late father!), and her bank refunded her money both times.

Exactly my bank stands behind me with my Debit Card. Someone steals your number when you think your safe like some waitress at a restaurant or some gas station employee or whatever and they will refund me everytime.... they have a good fraud detection department as well... Never had a problem with the card but I don't use it at Origin...

 

[Gidge]

So if we delete our CC info from Origin do we still get billed properly for our accounts?

 

[Kayhynn]

No.

The advice has been to buy Gametime codes if you really want to protect yourself.

 

[Lady Storm]

A friend went to buy my son a gift from OriginStore last month for a Ultima Online item... He just found a bill to his CC for FIFA Soccer and all its expantions billed.
He has no EA account..yet he was billed way after his visit. EA has to take credit for this mess.

 

[Gidge]

Just stretching here, but if they can't find a "breech" in their system they should look inward.

 

[Olahorand]

Just found, that the same happened this night with my account through the US store. FIFA again ...
So this hack still is going on.
(And there was a "failed" FIFA order back in December.)
Deleting CC info fails ... not sure if it worked but still the CC information shows up for payment option.

 

[Smoot]

So how are we supposed to pay for UO?
Just risk it?
If your credit card isnt secure by just making a purchase, not even having the info saved (as Lady storm attested to)
Ive never bought UO stuff from a third party ever, but now im thinking the risk of dealing with a player is probably smaller than the risk of dealing with the actual company itself.
This is unacceptable.

@Mesanna could you give some advice on how to find out if / when this breach is fixed? or recommendations on safe places to buy gametime?

 

[Sargon]

Same thing happened to me this morning, an authorized purchase of FIFA 15 on my account, for which I received an order confirmation email in Spanish.

My Origin password was complex and not used anywhere else, so I can only assume the hackers obtained it from the Origin database itself.

I have since changed my password and enabled two-step verification to fight future hack attempts, and EA is refunding the unauthorized purchase. It is a bit concerning though, with how widespread this issue appears to be, that EA has not acknowledged or identified any problems. I contacted a few friends and one of them discovered that he had been hacked as well. He didn't have a credit card on file so they weren't able to make any purchases, but his account settings had been changed to Russian.

I have been on the fence for awhile trying to determine whether I should continue paying for UO even though I rarely play. This may be the deciding factor for me to give it up once and for all. I simply don't want this company to have my credit card info.

 

[old gypsy]

Honestly, if this happens to me I'm going to try to live without a computer from now on. I have a love-hate relationship with the darn things anyway, since I don't trust machines that are smarter than I am.

 

[Kayhynn]

Keep in mind, I posted about this originally Dec. 11 here: http://community.stratics.com/threads/be-sure-to-check-your-origin-accounts.328381/#post-2487934

And the first attempt to purchase FIFA was in November. It's getting way more widespread now. Would be nice if they had listtened to me and logged IP addresses of the people buying the FIFA multiple times and block them from the servers.

 

[The Zog historian]

As a couple of people already posted, set up your account to use verification codes, which are e-mailed and must be entered during login and before purchases. There is no reason not to use them, and every reason now to.

 

[Lady Michelle]

Need to use stronger passwords also its hard for me to remember my passwords so I pick words all remember.
kitchensink easy to remember. To make it a stronger password I do this K1tch3nS1nK turn the vowels into numbers use some caps also. Some places let you use symbols like @ # $ etc Some don't places that let you seriously use them when you can in your passwords.

 

[Ezekiel Zane]

Happened to my son's account before Christmas and just happened to my Origin account a couple days ago. Both authorized FIFA 15 purchases. This is definitely still going on.

I hadn't setup two-step verification but I have now.

 

[azmodanb]

anyone use paypal ? its pretty secure and you can cancel charges.. works.on the store.. and they have there own pw after the origin one..

 

[DJAd]

anyone use paypal ? its pretty secure and you can cancel charges.. works.on the store.. and they have there own pw after the origin one..

Yes I buy all my game time using it.

 

[GarthGrey]

This is still happening. I made 2 purchases recently, and got a very strange phishing email the very next day. The first one i've ever received since ever. I won't be purchasing another item, as the email addresses are clearly being intercepted somehow.

 

[GarthGrey]

Need to use stronger passwords also its hard for me to remember my passwords so I pick words all remember.
kitchensink easy to remember. To make it a stronger password I do this K1tch3nS1nK turn the vowels into numbers use some caps also. Some places let you use symbols like @ # $ etc Some don't places that let you seriously use them when you can in your passwords.

This isn't about passwords, its about email addresses that we're forced to use to make a purchases and how these are falling into the wrong hands. It's going to get worse. I've never been hacked, or had anything like this happen . And in the past I had purchased lots of codes from the store. But a recent purchase has led to some very suspicious email activity.

 

[Lady Michelle]

This isn't about passwords, its about email addresses that we're forced to use to make a purchases and how these are falling into the wrong hands. It's going to get worse. I've never been hacked, or had anything like this happen . And in the past I had purchased lots of codes from the store. But a recent purchase has led to some very suspicious email activity.

Oh I thought it was about the origin accounts being hacked, and the OP wanting players to check their emails. Well anyways that is why I posted about stronger passwords.
In this case I'll set up new email throw my accounts on it, and when comes time to buy at the origin store I'll throw the old email back on make my purchases. Once I get my purchase email back to the new email. Here is the link for anyone who would like to change your email.
http://community.stratics.com/threads/changing-your-email-with-uo-acct-help.319729/

 

[Olahorand]

The most chaotic online store I know did strike back with another surprise.
History:
Spotted that FIFA purchase.
Requested reimbursement.
Chatted with CS pointing to the issue.
Went to purchase some GTC in German store.
Meanwhile FIFA purchase was flagged as Failed.
And today I got a mail, that I have been reimbursed - for the GTC!?

 

[Flagg]

Use the two step verification of Origin. It means every time your Origin account is accessed from a new location, you get to verify it via e-mail. Increases security by tenfold.

Always assume that the card you are using online is stolen and circulating net at this very moment; you - need - to make sure the bank account it is connected to doesn't have much cash,ever.

It sucks what happens with Origin. It also is borderline universal at this stage; all larger companies suffer from same fate now and then. Microsoft, Sony, Steam, Ebay..all have suffered from varying severity of hacking. All have gotten customer data stolen. It is useless to pancake about how horrible Origin is in this regard0. Oh it is true, they are. But it is also true these security preaches are inevitable. Just assume it - will - happen now and then and prepare for it. Either take precautions for it or stop doing online transactions entirely.

Also, use Origin's two step verificiation. Seriously. It minimizes the risk. All those here who ended up getting nice surprise Fifa, did any of you have the 2 step verification on?

 

[Kayhynn]

Also, use Origin's two step verificiation. Seriously. It minimizes the risk. All those here who ended up getting nice surprise Fifa, did any of you have the 2 step verification on?

I did not have it turned on as the password I used at that time was fairly secure - I work in the tech industry so I am pretty good at personal security. I turned it on after the fact - I just don't like being bothered with 2-step when all of us techs know that it's only a small amount of protection if other things are vulnerable.

 

[Flagg]

I can't see how two step authentication could possibly make only a small amount of protection in such mass attacks as one Origin had.