EA/Origin account hacked....

Discussion in 'other security issues & news' started by rbrookes, Aug 20, 2012.

Thread Status:
Not open for further replies.
  1. rbrookes

    rbrookes Registered Member

    Joined:
    Aug 20, 2012
    Posts:
    1
    Location:
    United Kingdom
    Hello all, my first post.....not sure if anyone can offer up any inspiration.

    On Friday, my Origin account suddenly logged out and I couldn't log back in. I tried to reset the password and it said email address not recognised.

    It seems somebody was able to change the email address on my account then go in and change all the details. It took until Sunday to get EA to get the account back for me but by that time they'd changed all the details, everything was in Russian and a lot of stuff was deleted.

    Now, I have been able to trace the culprit and it turns out to be a 15 year old Russian boy so I guess there's not really much point in pursuing him. I do have his email address, FB account, DOB, school and other information but I don't think there's any point in exacting revenge on a kid.

    However, what I would like to know is how he did it? (To prevent it happening again)

    The password was reasonably strong on the account, the mail account hasn't been compromised and the machine is free of any infections or keyloggers.

    I'm guessing at either social engineering or he has a mate who works for EA. Anybody else encountered this type of thing?

    Any inspiration appreciated as I run a clan with 30 members and we're getting a lot of Russians trying to join this week so I don' think this will be the last we hear from these people.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    To get your origin pw, they must have keylogger type application running that logs it I would imagine. Suspect places you have visited related to russia and bf3 I guess. A forum or website maybe.

    Otherwise, if you are the only one who knows it, and it is rather strong, how else could they get it? Inside information is a possibility, but not a probability. Brute force, not likely with a strong password, but could be done. My money is on you visiting someplace that dropped a payload to retrieve origin data.

    Sul.
     
  3. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    It's also possible that he guessed your account security question.

    Did your Origin account contain a security question that might have been too easy to guess?

    A lot of account signups require this type of thing, just in case one forgets their password. If it was something easy, he could of very much so guessed it and gained access to your account.

    I'm not saying this is definitely the way he gained access to your account, but it's a possibility.

    I'll give you a bit of advice...if account signup asks you a security question, don't give it the real answer/something that others might know about you.

    Example

    Instead of doing it this way...

    Question: Where were you born?
    Answer: Dallas Texas

    Do it this way....

    Question: Where were you born?
    Answer: Graphics card in a box

    Basically something so stupid, only you can guess the right answer.
     
    Last edited: Aug 20, 2012
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Have you ever accessed Origin/EA via email links or through other websites?
     
  5. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    Well, I changed my passwords recently (switching password managers) and I took note of any sites with a security question. I don't see one in my notes for Origin, so unless I missed it, they don't use them.
     
Loading...
Thread Status:
Not open for further replies.