Origin accounts being hijacked - email addresses changed to Russian domain

Remember last year when seemingly every day there was a new security vulnerability that had us scrabbling to change our passwords? Well bad news. Eurogamer's own Richard Leadbetter received an email from Origin informing that his account's password and email address had been successfully changed. Only problem: he never issued any such request.

This NeoGAF thread (which contains justifiably strong language) confirms that this isn't an isolated case. The problem now is that Origin's email confirmations don't state what the new address is, and with both that and the password changed, there's seemingly no failsafe in place to rescue the account. According to one GAF user, because dates of birth have also been changed, affected customers are also failing EA support's security check.

Fortunately card details should be safe. Even if you've previously saved your details to Origin, the store obscures all but the last four digits and requires you re-enter the Card Security Code for all purchases.

Using some quirks of the EA's Xbox Live profile, GAFers was able to track down the new owner of his account, as well as the Russian email address it was now registered to. All that remains is to see how EA will handle the compromise. For now, all they've told affected customers is that they're “escalating” the issue.

In the meantime, maybe change your passwords. Again.

ABOUT THE AUTHOR

Phil has been PC gaming since the '90s, when RPGs had dice rolls and open world adventures were weird and French. Now he's the deputy editor of PC Gamer; commissioning features, filling magazine pages, and knowing where the apostrophe goes in '90s. He plays Scout in TF2, and isn't even ashamed.

Topics

EA
We recommend