Categories
Cybercrime

Several Electronic Arts Origin accounts hacked

Many gamers are finding purchases that they never made their accounts for Electronic Arts Origin service. Once again the gaming industry under attack.

There is no peace for the companies operating in the gaming industry. During Christmas holidays, the hackers of Lizard Squad brought down the PSN and Xbox live services, while yesterday the hacking crew  H4lt leaked the Xbox One SDK online that could let experts to develop their own Homebrew Apps and run them on the popular gaming console.

The last bad news in order of time is for the gaming community of the Electronic Arts, many Gamers are finding purchases that they didn’t make accredited their accounts for Electronic Arts ’ Origin service.

The anomalous transactions have not been claimed by any group of hackers, experts believe that they can be the result of previous breaches of popular gaming services. The investigators don’t exclude that the hackers have stolen the account credentials from other networks and websites. The affected users may have shared their credentials within multiple web services and one of them has been hacked.

Many websites in the underground sell entire archives of stolen credentials, information related to users of the PlayStation Network, Windows Live, and 2K Games servers was leaked online in November.

Several Electronic Arts Origin 2

Four months ago a whistleblower revealed to Kotaku that the forum board Firemonkeys was hacked compromising more than 40,000 users. The whistleblower spread the news through Reddit, he published a post called “Of Corruption in the Australian Games Industry” following the strong call for transparency and disclosure from the#GamerGate movement

“During my tenure at a large publisher, our community forum was hacked, and the information of over 40,000 members (including names, and email addresses) was downloaded and stolen. The publisher suppressed this information. When my contract had expired I approached a writer about this, and he declined to publish the story because he was close friends with people who work at this publisher and the publisher’s local office.” said the whistleblower.

According to the experts, the hackers exploited a known flaw in the Vbulletin CMS.

In these days, several gamers are reporting that their Origin accounts seem to have been hacked.Dozens of people reported unauthorized activity on gaming networks.

The suspicious activities were reported to the Electronic Arts by Venture Beat:

“We found no indication at this point of a breach of our Origin account database. Privacy and security of user account information are of the utmost importance to us. We encourage our players to use Origin user ID and passwords that are unique to their account and to report any activity they feel may be unauthorized to EA customer support at help.ea.com.”

The victims are reporting that they are observing receipts for Origin in German and Russian. A limited number of gamers is reporting fraudulent activity on their Steam accounts, which is game publisher Valve’s PC software service.

“For both Origin and Steam, it is possible that the hackers did not get into EA’s or Valve’s respective servers. Instead, it is likely that this activity is the result of one of the recent publicized attacks, and hackers are trying email and password combinations on other sites.” continues Venture Beat.

It is suggested to the Electronic Arts Origin users to reset the password, to enable two-factor authentication for their accounts and to report any suspicious activities.

Pierluigi Paganini

(Security Affairs –  Electronic Arts Origin, cybercrime)