Origin Users Charged For Games They Didn’t Purchase

By | 2 years ago 

The last couple of weeks have been a pain for many in the gaming industry with hackers and denial of service attacks creating a mess during the holiday season. There were widespread attacks on Xbox Live and the PlayStation Network over Christmas and the Xbox One SDK just leaked in the last 24 hours. It now looks like one of the world’s largest game publishers and their customers can also be added to the list of victims.

Reports of a hack on Electronic ArtsOrigin service started popping up on Monday and have picked up steam. Users are reporting unauthorized purchases and other activity on their accounts. For its part, EA has found no specific breach of its database and is now encouraging all Origin users to change their passwords.

News of a possible Origin hack was first reported on the Origin Reddit page. A thread with now more than 300 comments shows many users claiming to have received charges from Origin for games that they did not purchase. Other gamers reported receiving emails about failed attempts to charge their accounts. Some gamers only discovered the trouble when they noticed that they were earning achievements for games that they were not playing.

While it’s only speculation, the overall consensus from those gamers who were affected is that this could have something to do with the DerpTrolling leak back in late November. The hacker group claimed responsibility for an attack on Blizzard’s servers during the Warlords of Draenor launch and also released a long list of usernames and passwords for gaming accounts. DerpTrolling said at the time that they had more than 1.7 million Origin account passwords in their possession. DerpTrolling has a long history of causing trouble for game developers and game players.

EA’s internal investigation showed no specific breach of its account databases, but its customer service team is telling all Origin gamers that they may want to consider updating their Origin account information.

“Privacy and security of user account information are of the utmost importance to us. We encourage players to use Origin user ID and passwords that are unique to their account, and to report any activity they feel may be unauthorized to EA customer support at help.ea.com.”

For whatever it’s worth, most affected gamers in that Reddit thread are also reporting that EA’s customer support team has been very helpful in getting the situation resolved and refunding fraudulent charges, although it may take several days for a refund to process.

Electronic Arts Puts Player First

Another key point that a lot of Origin users don’t seem to be aware of is that the system does provide two-factor authorization. Gamers can set up their account so that they must enter a security code sent to their phone or email before they are allowed to log in from a new computer.

2014 has unfortunately been a banner year for hackers and their ilk. Groups like DerpTrolling and Lizard Squad have repeatedly caused trouble for the games industry for no specific reason other than the fact that they can. Hacking has even gotten a little bit more mainstream attention over the last month, thanks to the attack on Sony Pictures in relation to the The Interview.

If nothing else, the last few months should hopefully have served as a wake up call that better security is needed for online systems and that more needs to be done to try and bring these criminals to justice. On that note, one member of Lizard Squad was reportedly just arrested in relation to some of the recent attacks. One can only hope that this serves as proof that 2015 will be the year the gaming industry strikes back against the hackers.


Follow Jason Gallagher on Twitter @MuckrakerJG.

Sources: PC Gamer, Reddit