Origin Users are Suddenly Getting Hacked a Lot [Update]

Illustration for article titled Origin Users are Suddenly Getting Hacked a Lot [Update]

Origin users—which means anyone who's played Battlefield 3 or Mass Effect 3, among other games—should keep a close eye on their accounts.

Advertisement

Some users are reporting a wave of hacked and stolen accounts. It appears that a hacker or hackers are managing to log in to Origin accounts and then change the e-mail address and passwords associated with them, which of course locks out the original owners.

Kotaku reader spy0070 wrote in to tell us that his Origin account was one of the ones recently stolen, with the e-mail address and password changed without his knowledge or permission. He found out about it when he received an automated "your e-mail address has been changed" message from Origin support. A thread full of NeoGAF users are reporting the same issue, as are a growing number of users on EA's official forum.

Stolen accounts are, sadly, nothing unusual in the modern online world; however, the security processes—or lack thereof—on Origin accounts are making it difficult for customers to get their accounts back. To verify accounts, EA customer service asks users to verify their dates of birth. However, the hackers are apparently changing the birthdates stored in a profile when they take over an account, thus preventing users from regaining access. Unlike other services such as Steam or Google, Origin currently has no secondary authorization process or two-step verification available.

As one NeoGAF member discovered, players who have their Origin or EA account tied to another service, such as Xbox Live, can reset their account e-mail information through it as a work-around. The rest of us, though, don't seem to be so lucky.

Meanwhile, any Origin user would do well right now to double-check their e-mail address and profile information, and to change their passwords to something unique.

Update: EA has issued a statement to Eurogamer, saying that "At this point, we have no reason to believe there has been any intrusion into our Origin database."

DISCUSSION

Greg the Mad

"change their passwords to something unique."

People reuse their passwords?!?!

Here's how to password:

First: Phrase a sentence: Dwarfs walk into a Bar.

Seconds: Lose the space and period, and add a number*: 4DwarfswalkintoaBar

Done.

Reuse of a password:

Change the number: 1078DwarfswalkintoaBar

Add words: 4DwarfswalkintoaBarcalledFunky

Change words: 4Horseswalkinto7Stables

How to remember created password:

Write it down and keep it safe*

The written down should be encrypted (but not to hard so one close to you, or even yourself still can decrypt it), for example only write down the changed of the main phrase:

1078

calledFunky

7Stables

Make hints which password belongs where:

EvilArts - 1078

Added security:

Have different phrases, maybe even with interchangeable parts (numbers) which'll make it easier to encrypt.

Be flexible: Consider changing your password (parts/numbers) and explore new techniques (foreign language, rarely used names, etc)

Always use at least one capital character, one number, and one normal character.

If you follow this simply guide you still can be hacked. After all is "secure" a illusion at best. But at least your password will hold enough entropy (=hard to hack) that it will not be its fault.

*You can leaf the spaces and period if your system allows it and you want to.

**Lets face it, you'll die one day. Maybe even today, who knows? If you don't write down your passwords no-one will be able to use your encrypted PC anymore, your family will not be able to get any money from the bank, the Energy Plan you're the Sys-Admin of will have to be torn down, and everybody on Facebook will believe you hate them for not "liking" their stuff.

... now all I have to do it make everybody on the world read this post ...