- Aug 22, 2011
- 8,232
- 2
- 0
FYI to all users of EA Origin for online PC gaming.
Before I begin, please make sure that you go into your Origin account settings and setup Login Verification. This sets up a phone number that you can receive text messages on so that anytime you login or do any changes to your account (password, OriginID, etc.) you are texted another verification code that you must enter to gain access.
Now, to my story to provide background on this issue. I began receiving a random email from what appeared to be EA/Origin about three months ago. The email was very infrequent, maybe 3-4 emails in the last three months. The email was also completely in Russian. I use Gmail so I reported the emails as phishing and thought nothing about it, especially because I couldn't read them.
Well, today I get another email, this time in English from EA/Origin. It tells me that my email address has been changed from my Gmail to cross240@mail.ru. This time, I took a little more notice and what doing a bit of the OMGWTFBBQ dance. Anyways, there was information in the email with a link in case this change wasn't authorized I could revert back to the original email address. The email also said I should change my password once I logged back in. So I went ahead and clicked the link and reverted to my old email. I think logged into my account and changed the password.
This is where is gets scary/interesting. As I was doing this, the hacker was receiving (as was I) emails indicating changes being made to the account. This is the real scary part. As I was making the changes, the person was able to log in just before me and revert or negate those changes. So when I logged out and then went to login and check, I was unable to go into the account. Clicking on the "I forgot my password link" wouldn't do me any good because the email for that was going to the hacker's Russian email account, not mine. I was effectively locked out of my account.
Now, when I did login, I did a little looking around in the account settings and made some changes before I logged out. The hacker had changed my OriginID (which can be used to gain account access with lost password requests), my name, my country, and my language. They also "purchased" a free Need for Speed game. Luckily it was free.
Ok, so moving on. I got in contact with EA support to try and rectify this issue. That process sucks and I won't go too much into it but basically, you can't call them, you have to login and give them your phone number and they call you. Anyways, the guy I got was over in the UK and I told him what was going on. He immediately said, yes, this is a hacker and we've seen this a lot. He began trying to rectify the situation and get everything re-secured. The funny part (at this point I have to laugh to avoid wanting to murder someone) was that as he was changing things on his end, the hacker again was actively in the account changing them back. The tech support guy was like "Wow, this is the worst case we've seen, this guy is actually on right now stopping us from fixing this." So, the tech pulls out his trump card and completely deactivates my account as to allow for only him to make changes and prevent emails being sent to the hacker's account that changes are being made. While doing this, he sets up the additional security with the Login Verification that I mentioned at the beginning. When he gets done, he has some verification emails and texts sent to make sure I can see them and can access the account and can reset things back to normal. All is well again, so we end the call.
All was not really over. Not five minutes later, my phone starts absolutely exploding with text messages containing verification codes. Nearly 100 messages come in (about every 20 seconds) before I decide its time to get in touch with EA again. After EA calls be back I tell the new tech person what's going on and they are like yeah, sounds about right. Its no surprise to them. The only way to fix it is to have them change the email address on the account, which also changes the login. The problem was that the hacker still knew the ID (email) so they could continue asking for a password reset over and over which would spam out text messages with verification codes for the newly activated Login Verification. So, begrudgingly, I give him a new email address which finally ends this ridiculousness. Note: the tech advised me to change my OriginID to something else because that can be used to gain access to a locked account. The tech also, smartly went about changing the email address on the account. He changed it twice, once to a fake donthack@ea.com account and again to my new account. Had he just changed it to the new account, the hacker would have gotten that information. He would have received the same email like the one that started this mess that the email had been changed on the account.
tl;dr: Follow the first paragraph. Also know that EA is aware of huge holes in their security and aren't doing anything proactive about it.
Before I begin, please make sure that you go into your Origin account settings and setup Login Verification. This sets up a phone number that you can receive text messages on so that anytime you login or do any changes to your account (password, OriginID, etc.) you are texted another verification code that you must enter to gain access.
Now, to my story to provide background on this issue. I began receiving a random email from what appeared to be EA/Origin about three months ago. The email was very infrequent, maybe 3-4 emails in the last three months. The email was also completely in Russian. I use Gmail so I reported the emails as phishing and thought nothing about it, especially because I couldn't read them.
Well, today I get another email, this time in English from EA/Origin. It tells me that my email address has been changed from my Gmail to cross240@mail.ru. This time, I took a little more notice and what doing a bit of the OMGWTFBBQ dance. Anyways, there was information in the email with a link in case this change wasn't authorized I could revert back to the original email address. The email also said I should change my password once I logged back in. So I went ahead and clicked the link and reverted to my old email. I think logged into my account and changed the password.
This is where is gets scary/interesting. As I was doing this, the hacker was receiving (as was I) emails indicating changes being made to the account. This is the real scary part. As I was making the changes, the person was able to log in just before me and revert or negate those changes. So when I logged out and then went to login and check, I was unable to go into the account. Clicking on the "I forgot my password link" wouldn't do me any good because the email for that was going to the hacker's Russian email account, not mine. I was effectively locked out of my account.
Now, when I did login, I did a little looking around in the account settings and made some changes before I logged out. The hacker had changed my OriginID (which can be used to gain account access with lost password requests), my name, my country, and my language. They also "purchased" a free Need for Speed game. Luckily it was free.
Ok, so moving on. I got in contact with EA support to try and rectify this issue. That process sucks and I won't go too much into it but basically, you can't call them, you have to login and give them your phone number and they call you. Anyways, the guy I got was over in the UK and I told him what was going on. He immediately said, yes, this is a hacker and we've seen this a lot. He began trying to rectify the situation and get everything re-secured. The funny part (at this point I have to laugh to avoid wanting to murder someone) was that as he was changing things on his end, the hacker again was actively in the account changing them back. The tech support guy was like "Wow, this is the worst case we've seen, this guy is actually on right now stopping us from fixing this." So, the tech pulls out his trump card and completely deactivates my account as to allow for only him to make changes and prevent emails being sent to the hacker's account that changes are being made. While doing this, he sets up the additional security with the Login Verification that I mentioned at the beginning. When he gets done, he has some verification emails and texts sent to make sure I can see them and can access the account and can reset things back to normal. All is well again, so we end the call.
All was not really over. Not five minutes later, my phone starts absolutely exploding with text messages containing verification codes. Nearly 100 messages come in (about every 20 seconds) before I decide its time to get in touch with EA again. After EA calls be back I tell the new tech person what's going on and they are like yeah, sounds about right. Its no surprise to them. The only way to fix it is to have them change the email address on the account, which also changes the login. The problem was that the hacker still knew the ID (email) so they could continue asking for a password reset over and over which would spam out text messages with verification codes for the newly activated Login Verification. So, begrudgingly, I give him a new email address which finally ends this ridiculousness. Note: the tech advised me to change my OriginID to something else because that can be used to gain access to a locked account. The tech also, smartly went about changing the email address on the account. He changed it twice, once to a fake donthack@ea.com account and again to my new account. Had he just changed it to the new account, the hacker would have gotten that information. He would have received the same email like the one that started this mess that the email had been changed on the account.
tl;dr: Follow the first paragraph. Also know that EA is aware of huge holes in their security and aren't doing anything proactive about it.
Facebook
Twitter