Gamers find fraudulent charges on their ea.com Origin’s accounts.
Over a three year period from 2012 to 2015, gamers were complaining that hackers were accessing their Electronic Arts (EA) Origin accounts. Origin is the EA online store and was launched in 2011. As of 2013, more than 50 million users had accounts on the site.
Users took to Reddit.com, a social discussion site, to share their experiences. Some gamers found unauthorized purchases through emailed billing receipts or bank statements. Others received emails from ea.com reporting a change to their Origins accounts. Many were reporting receipts in German or Russian languages.
According to Venturebeat.com, EA.com released a statement saying:
“We found no indication at this point of a breach of our Origin account database. Privacy and security of user account information are of the utmost importance to us. We encourage our players to use Origin user ID and passwords that are unique to their account and to report any activity they feel may be unauthorized to EA customer support at help.ea.com.”
It is possible that hackers did not actually break in to the Origin server. Instead, the suspicious activity might have been the result of a series of leaked passwords from other sites such as Amazon, Walmart, Windows Live, PlayStation Network and Brazzers, a porn site. These attacks involved hackers trying various email and password combinations to break into the sites.
Origin is a target for stolen passwords because payment information is saved and purchases are instant. Users who lost access to their Origin accounts had difficulty regaining access. Origin’s verification process asks for birth dates. Usually, the hacker had changed the birth date thereby blocking the original user from their accounts. At the time, Origin did not use two-step authentication. With two-step authentication, a code is sent to an email, app or cell phone for verification.
Victims should contact their credit card companies to correct the false charges. Additionally they need to update their passwords and security information. Even if one’s information was not compromised, all users should update their password information, especially after publicized attacks.
In July 2015, EA renamed all Origin accounts. They are now called EA Accounts. According to an email from EA the change is “to better represent all of EA’s games and services.”