Tweet
[ATTACH=CONFIG]1859[/ATTACH]
A Pastebin that reportedly contained various EA Origin accounts was spread online yesterday. According to CSO Online, the file reportedly contains information for "hundreds" of compromised Origin accounts including usernames and passwords. That's the bad news here. The good news is that it seems to be contained only to users who have accounts beginning with the letters A through F.Of course, that could just mean that whomever stole this information are holding onto the remaining G-Z accounts for a rainy day.
Sam Houston, Origin's former Community Manager suggested that the data dump was created after an intentional hack into EA's databases.
"Gamers are often targeted with attacks, and with EA's accounts tied into all of their games and their Origin e-commerce site, a gamer's EA account can be very valuable. Gaining access to an EA account would enable a hacker to play any of their PC games purchased through Origin, and could potentially be used to play on a gamer's account on a game connected via the EA account system. Those accounts are valuable not only for financial gain, but also for harassing or impersonating users. It's also worth noting that this dump could just be someone targeting EA in response to something. Over the years, EA has been the target of a lot of ire from various gaming groups, so this could be a response to a particular issue that people are upset about."
Right now, the information is not fully public. Instead, much is replaced with a series of question marks. Roughly 600 accounts were listed. Also included in the leak are reportedly the games associated with each account.
EA has issued a statement to CSO about the matter.
"Privacy and security is our top priority at EA. At this point, we have no indication that this list was obtained through an intrusion of our account databases. In an abundance of caution, we're taking steps to secure any account that has an EA or Origin user ID that matches the usernames on this list. As always, we encourage all players to safeguard their account credentials and use unique usernames and passwords on all online accounts."
You can check out if your account has been compromised at Have I Been Pwned.
Perhaps everyone should just play this safe and change your Origin passwords. Also, be sure to use a password manager that generates a new password per site or service. That way if you are compromised at one site, it won't have far reaching effects. Origin also now offers two-step authentication (Origin > Account & Privacy > Security) and it can work with your Google Authenticator on your phone. You should opt-in to that right away as well.
