Lock up your daughters, shoot your sons, because Love Fist are coming…. (GTA Vice City)
Not really. But the hackers are out in force, and everyone should immediately upgrade their security and change passwords. Especially on Origin.
My Origin Account was hacked and purchased FIFA15!
Do the following to keep your account secure and recoverable:
- Change your Origin password to a strong, unique (not used on any other site) password.
- Enable Login Verification
- Set an Account Security question — and not something someone can find the answer to on your Facebook or profile.
- For recovery, link a connected account such as your Facebook account. Have your game serial codes handy — if you have retail packages, keep them somewhere accessible.
http://help.ea.com/en/article/how-to-maintain-account-security/
Hackers stealing game credentials is not a new phenomenon, but this year (2014) has seen more activity than usual. I had never had any trouble with this in the past, used good PC security procedures and a fairly hard, unique password on Origin. Both Origin and Steam accounts have been targeted by hackers, using phishing and other social engineering, and malware methods such as messages from friends with links to check out.
Thanksgiving morning (Nov 27, 2014) I got a message from my credit card company regarding possible fraudulent activity. Turns out someone purchased FIFA 15 and 100 FIFA points at 3 AM local time, and tried to buy Far Cry 4 (with season pass), which my credit card declined. I contacted EA to get the purchase refunded as the CC company advised, and they did so. I changed my account password and thought it was safe. I knew that the Origin program can only be online on one computer at a time, and attempting to access it from another computer pops up a message showing that. I’d seen no new strange activity on Origin, and played games up until the weekend of January 11.
On Jan 13, I tried to log on to play Battlefield 4, and it said my account was banned. Checked my email, and there was a “problem with your FIFA account” message from EA. Which I thought was very strange, as I’d cancelled the hacker’s purchase of that game and don’t own it, and never used a FIFA account. I’ve contacted EA help and submitted an account dispute email, and am waiting for an answer. I got an email saying to expect a wait of 72 hours or more.
The date and time of my original hack suggest that hackers are targeting sites around the holidays, and we did have issues around Christmas as well on Battlelog.
Battlelog and the Origin web site can be accessed from multiple computers without triggering any messages unless login verification is turned on. While the Origin program itself may be secure, these other web sites might be more vulnerable. I do sometimes log on Battlelog to check up on friends or the forums. Note that all these use the same account and password as Origin itself.
I’ve worked in computer security and make sure my own computers are always secured and scanned. I’ve never had problems.
I’m hoping that my account ban gets fixed, but I fear this rash of account hacking means that login verification is actually essential for security with Origin now. I’m hoping it isn’t too big a hassle, but getting hacked is worse. I still don’t know how the original hack happened — I do NOT use a dictionary word and use numbers and symbols in my passwords, and my Origin password wasn’t used on other accounts.
As of this writing (Jan 24), I’m still waiting for a response from EA/Origin. Origin itself went down (all games inaccessible) Jan 22, and Ive seen no explanation for that. I could try calling EA — they don’t recommend that because they are busy — and see if I can get faster service. But I’m curious just how long a “normal” effort to rectify the situation may take. Update: As of March 2, when I contacted EA again, my ban is lifted and everything is back to normal.
I was lucky compared to some people, who had their account email and user name changed, making recovery of the account harder. It is much, much easier to prevent account hacking than it is to fix the damage a hacker can do. So again, if you haven’t yet done so, upgrade your Origin account security. And if you have other accounts which are less than secure, do something to protect them as well.
Once upon a time, having a good strong password alone was sufficient. But if you use the same strong password on multiple sites, if any one of those is stolen (by use on insecure computers, or a security breach elsewhere), hackers will try to use that password and close variants on a wide range of accounts, hoping to get lucky.
Hackers aren’t stealing account info just to “joyride” on your games. They steal in game resources — Battlefield has nothing to steal, but FIFA 15, World Of Warcraft, and many other games do — to trade them to other accounts. Then they can sell those resources for real money (which is frowned on or prohibited by gaming companies like EA, but still happens). This is on top of the potential to use your money to purchase in-game items to trade away.
If you have had this exact Origin hack happen, follow the advice in this message to start:
http://answers.ea.com/t5/Origin/My-Origin-Account-was-Hacked-and-purchased-FIFA15/m-p/4187624#M109552
==–==
Links
http://answers.ea.com/t5/Origin/My-Origin-Account-was-Hacked-and-purchased-FIFA15/td-p/4078093
https://www.reddit.com/r/origin/comments/2qrfjt/psa_a_lot_of_origin_users_are_being_charged_for/
http://www.hardcoregamer.com/2015/01/03/origin-accounts-hacked/127212/
http://www.eteknix.com/ea-origin-hacked-games-purchased/
http://securityaffairs.co/wordpress/31799/cyber-crime/electronic-arts-origin-accounts-hacked.html
Guild Wars 2 enforces strong security on its accounts. The advice is useful for all gaming and other online account use.
https://help.guildwars2.com/entries/66122673-Guild-Wars-2-Account-Security
Test your new password here.
http://howsecureismypassword.net/
==–==
Cyber Security And Our Future
Hacking, computer viruses, other malware, were once upon a time annoying pranks with little impact on the average person. Maintaining basic security with any standard antivirus program was sufficient to be safe.
That was then. This is now. Cyber attacks are far more the realm of scamming criminals and terrorists. Banks, major corporations like Sony, and everywhere else that money can change hands online are active targets. The threat to gaming accounts is just another, much smaller part of this problem. Scammers stealing a few dollars, or even a few hundred dollars, of games and game content, aren’t getting rich from each account stolen. But as gamers, even if the financial loss may not be major (per person), we risk losing not just the money spent on the games, but the value of the time we spent working to obtain in game achievements and resources.
Even at the lowest level of threat, a hacked account could be used by a player with game hacks which would lead to a ban for using game hacks (from Punkbuster, Fairfight, VAC, etc.). Items of little monetary value earned in the game can be stolen (there are bots which do that to hacked Steam accounts automatically), which are part of our souvenirs (and customization) of games played. Beloved characters and their experience and equipment could be lost, simply by allowing a hacker to have short access to your game account.
The greater personal risk is that a hack which installs malware could take control of your computer, allowing all of your personal information and accounts to be stolen. How much money can you afford to lose because your computer’s security was compromised?
The current crop of hacking software usually works by using social engineering — tricking the user into running (and thereby installing) the program which lets them take control of the computer. Having good security software helps protect against these attempts, but not falling for them in the first place is much safer.
Common threats: fake message from a friend — seen this with Steam this December — saying “check out this” with a link to a video, picture, or site. The address is false, and links to a malware installer. Popups to “update” various software when you visit web sites (including Facebook posts), such as Adobe flash, Java, etc. All of those have their own automatic (and thus trustable) updaters, and don’t require updates from a random web site. Email and web based “phishing” sites, which fake the appearance of a legitimate site and capture user information when entered. Then there is Facebook, where malware infected systems post “click bait” messages which link to malware infested sites, or to sites which ask for user info. All those “shocking video” and “free gift, car, computer, etc.” posts which ask for user information in order to see them are pure scams or worse. A related, but less malicious, Facebook threat are fake news sites which exist simply to earn advertising money when users visit, and spread totally bogus news. Facebook is making an effort to curtail some of these things, because they are truly a threat to user computer security.
http://www.businessinsider.com/facebook-cracking-down-on-fake-news-2015-1
Successful trojan malware can be very subtle, doing nothing immediately to alert the user to their presence. Once in place, they make the user’s computer open to total remote control. A hacker can do whatever they want with the system, disabling security software and installing additional programs.
https://technet.microsoft.com/en-us/library/dd632947.aspx
The biggest security threat is when your computer is turned into a hacker’s remote controlled zombie, and programmed to be a slave as part of a botnet. Ever wonder how a handful of hackers can perform a distributed denial of service (DDOS) attack — attempting contact and login to a site from many locations at once in order to overwhelm and shut down the service — with just the PC in their home? Turns out they can’t. Instead, they employ thousands, or even millions, of PCs which are controlled by malware as part of a botnet. How many PCs have such malware installed? It is hard to be sure, but estimates run as high as a third of all PCs in the world. But even a few million PCs are more than enough to take down any gaming network. The same botnet can also run through millions of user accounts with targeted password hacking attempts, and have more than enough computing power to crack weak passwords.
http://en.wikipedia.org/wiki/Botnet
On a personal level, doing your part to secure your computer protects the entire community, not just yourself. I did several different scans when I learned my account was hacked, and fortunately found nothing (the hacker doesn’t have to install software on your PC in order to hack the password and login elsewhere. My credit card company did a fine service warning me of the suspicious purchase immediately. It may have been from another country or in other currency, as well as the timing of the purchase.
3:00 AM on a holiday morning. A time when many people won’t check their accounts for hours, perhaps days. Now, was the account password hacked that day, or was it acquired earlier and held onto waiting for the best time to use it? I don’t know, and my password was relatively strong and used only on Origin. I do use multiple PCs of my own, and use public WIFI networks on my laptop. And could have logged into Battlelog from a compromised PC or network, even though my own PC was safe. I’ve found other reports on the net of Origin (and other) accounts being hacked despite strong, unique passwords.
Every PC out there which is under the control of hackers as a zombie is a serious threat. So if your computer lacks good security, or you believe (or worse, know) that you have malware running on it, stop what you’re doing and fix it! There are free tools, and they can help save your computer once you’ve been infected, but paying for one good security program can save you from having to do that.
One of the most common computer “repairs” I do for people is removing malware. This has increased industry-wide over the last few years. More and more often, fixing an infected computer demands the nuclear solution.
Ripley: I say we take off and nuke the entire site from orbit. It’s the only way to be sure. (Aliens, 1986.)
Wiping the hard drive and reinstalling the OS (Windows for most of us) takes care of any infection, but it is an action of last resort and big hassle. But it is better than leaving your computer enslaved, threatening other users and your own personal security.
1 pings