Origin accounts getting ‘hacked’ as gamers find fraudulent purchases

Some gamers are finding purchases that they didn’t make in their accounts for Electronic Arts’ Origin service. It’s probably time to change your passwords again.

A significant number of people are reporting that hackers have accessed their Origin accounts. In a thread on the Internet-aggregation site Reddit, dozens of people have said they’ve seen unauthorized activity on gaming networks. This is potentially the result of many recent hacks that leaked passwords for a number of websites and online services. One hack in November distributed personal information from PlayStation Network, Windows Live, and 2K Games servers. Another hit Amazon, Walmart, and porn site Brazzers.

We asked EA for a comment, and it provided the following statement:

“We found no indication at this point of a breach of our Origin account database. Privacy and security of user account information are of the utmost importance to us. We encourage our players to use Origin user ID and passwords that are unique to their account and to report any activity they feel may be unauthorized to EA customer support at help.ea.com.”

On message boards and social media, people are reporting that they are seeing receipts for Origin in German show up in their email. Others are seeing Russian.

A smaller number of people are reporting fraudulent activity on their Steam accounts, which is game publisher Valve’s PC software service.

For both Origin and Steam, it is possible that the hackers did not get into EA’s or Valve’s respective servers. Instead, it is likely that this activity is the result of one of the recent publicized attacks, and hackers are trying email and password combinations on other sites.

Origin is a popular target for people with stolen emails and passwords. It often has saved payment information and the purchases are instant. Many people also do not use two-factor authentication on Origin, which requires an instant code that is sent to an email account or special app.

But even Steam, which forces everyone to use two-factor, cannot stop intrusions if the hackers have access to the account holder’s email as well.

To correct false charges, you’ll probably have to get on the phone with your credit-card company or EA. The publisher’s support staff is used to dealing with this kind of thing — I speak from experience. You’ll also have to update your password and security question.

Even if your account hasn’t suffered any weird activity yet, it’s probably a good time to update your passwords. You can avoid the kind of aforementioned cross contamination during hacks if you use a different password for every site you visit. Otherwise, a hacker only needs to succeed once to take over all of your web accounts.