Remember last year when seemingly every day there was a new security vulnerability that had us scrabbling to change our passwords? Well bad news. Eurogamer's own Richard Leadbetter received an email from Origin informing that his account's password and email address had been successfully changed. Only problem: he never issued any such request.
This NeoGAF thread (which contains justifiably strong language) confirms that this isn't an isolated case. The problem now is that Origin's email confirmations don't state what the new address is, and with both that and the password changed, there's seemingly no failsafe in place to rescue the account. According to one GAF user, because dates of birth have also been changed, affected customers are also failing EA support's security check.
Fortunately card details should be safe. Even if you've previously saved your details to Origin, the store obscures all but the last four digits and requires you re-enter the Card Security Code for all purchases.
Using some quirks of the EA's Xbox Live profile, GAFers was able to track down the new owner of his account, as well as the Russian email address it was now registered to. All that remains is to see how EA will handle the compromise. For now, all they've told affected customers is that they're “escalating” the issue.
In the meantime, maybe change your passwords. Again.