Origin hacked, for reals

[mindatlarge]

So, maybe this is old news, but Origin has been hacked and it is legit. Unfortunately for me I didn't get the memo until today. I used the same password and email address for my Xbox Live account as Origin, and came home today after work to two emails saying I purchased 4,000 and 6,000 Microsoft points. Purchases that I didn't make and the email above that stating my origin password had been reset. The Microsoft points are not on my account, but the sums of $49.99 and $74.99 were charged to my Paypal account since that's the form of payment I have saved to my 360. When I changed my password on Xbox Live, I used the website, I did get a warning page saying it looked like my account was accessed by an outside party or something of that nature. But I did successfully change my password.

So, I have some questions for the GAG community:

1. Who should I contact first about this? Paypal, Microsoft or Origin?

2. Since the hackers bought 10,000 Microsoft points, where did the points go if they are not in my account?

3. If you have any other tips or advice that'd be awesome. I already changed passwords and such, so I should be fine there.

I also wanted to spread the word. I googled "origin hacked" and apparently this was in the gaming news around the 14th of November. But from what I saw, Origin is denying they were hacked.

Just an FYI, I used Origin one time, bought a couple hard copy games from their site during black Friday last year. I don't even have their client installed on my PC. But I can tell you, those games weren't worth this headache!

 

[GUNNM]

You would need to contact MS to get that money refunded. Check your download history as to where your points went it probably went to fifa packs they buy them and gift them to other accounts

 

[Dick Tracy]

Did the hacker spend the points? Check your Xbox LIVE Marketplace purchase history.

Maybe he bought some FIFA shit.

 

[GUNNM]

Try this too
https://commerce.microsoft.com/PaymentHub/?wa=wsignin1.0

 

[mindatlarge]

WTF...you guys are right!

FIFA Points 500
and
FIFA Points 4600

I called Microsoft, followed the prompts to Xbox / Billing, it asks me to enter my phone number then make sure I have my "proofs" ready, whatever that means, asks for my home phone to be keyed in then says "Sorry, try again later" and the call disconnects.

Any tips with contacting them? I'm calling 1-800-642-7676. Should I just keep trying and trying?

Thanks, homies

 

[GUNNM]

They have really good twitter support but they won't be on till the morning. https://twitter.com/XboxSupport

 

[150Calories]

ask urself 3 thing be4 u jump 2 conclude:

-is this public stunt? 4 attn?
-is it glitch?
- hoax?

or was it scma all along 2 get ur info? u can report web forgery if that is case. i never use origin and all i kno is i never realy trust it ... now i kno y i went with "gut" instrinct wich is important.

 

[GUNNM]

holy shit

 

[mrx001]

Through the phone seems the way to go.Twitter xbox support won't really help you in most severe account problems.They'll just give you the phone number.This is the first I've heard of the hack.Good thing I've use multiple passwords for my most important accounts.

 

[mindatlarge]

Thanks, again guys...I'll have to try tomorrow. It's almost 10pm here and I think they are closed for the day, keep getting the call disconnected.

 

[coolsteel]

Yeah mine was hit last week , thankfully I don't have any cards linked to it or my Xbox Live Account

 

[Kerig]

This nightmare again??? They're a month or two later this year.

Be prepared to lose your LIVE account access for up to a month or two if you call MS. Near the end last time they were finally able to speed things up to a week or two, but when it first started the average lockout time was 2-3 months.

Two things to remember:

1. Never, eVeR, have (valid) credit card info stored on a game account (LIVE or PSN)

2. Keep as few pre-paid points in your account as possible. Store the codes offline until you need to redeem them.

3. If you need to open a case with Microsoft that involves a timeframe, do NOT assume that they will be handling it smoothly and on schedule; call them frequently to check up on the status of your case. Stagnation was the major problem last time, so many people dropped so many balls for too many paying customers. We actually had to start filing complaints with the BBB before some of our cases were properly handled by a competent employee.

 

[mindatlarge]

Thanks for the info, Kerig. You guys have all been really helpful.

Luckily, I got through last night and got it straightened out. They walked me through the steps of securing my Live account. Took about 30 minutes in all. They also said the money had already been refunded, but it takes a couple days to show back in my PayPal.

An admin had put a note on my account attached to the two fraudulent purchases while I was at work and oblivious to what was happening, authorizing a refund since their system flagged the purchases as suspicious. Pretty cool that their system at least does that.

Funny twist, when I logged on this morning there was a friend I had never seen before playing what else but FIFA 13. When my account was compromised they must have added this user to my friends list. In all the confusion last night I didn't even notice. Anyways, he quickly went offline and de-friended me when I logged on. But not before I got his gamertag. Good times.

Kerig, do you have any idea how these hijackings are happening? I'm 100% sure it wasn't a key logger or anything of that nature. I'm leaning towards a social engineering issue at Origin.

 

[cancerman1120]

Hmmm I wonder if this is why I got 3 emails asking to reset my Origin password.

 

[mindatlarge]

[quote name='cancerman1120']Hmmm I wonder if this is why I got 3 emails asking to reset my Origin password.[/QUOTE]
Yeah, man...I'd change your password asap, make sure emails and such haven't been changed as well, though you will get an email from Origin if that happens. Pick a password you never use anywhere else except for Origin or you could end up like me.

 

[cancerman1120]

[quote name='mindatlarge']Yeah, man...I'd change your password asap, make sure emails and such haven't been changed as well, though you will get an email from Origin if that happens. Pick a password you never use anywhere else except for Origin or you could end up like me. [/QUOTE]

Yeah thanks. Sorry it happened to you. I hope they make it right. Just changed mine.

 

[mindatlarge]

[quote name='cancerman1120']Yeah thanks. Sorry it happened to you. I hope they make it right. Just changed mine.[/QUOTE]
Forgot to add, you should set up your Microsoft proofs as well. It would have saved my ass here. That's adding MMS, secondary email, etc to your security measures on your Live account. You can do all that jazz at accounts.live, yes, its a legit Microsoft site.

I know this seems to be localized to Origin (unless you use the same passwords), but you can never be too safe!

 

[Kerig]

[quote name='mindatlarge']Kerig, do you have any idea how these hijackings are happening? I'm 100% sure it wasn't a key logger or anything of that nature. I'm leaning towards a social engineering issue at Origin.[/QUOTE]

Most likely Social engineering. Origin needs to shove a bag of dicks in their mouths and stop giving out any info, ever.

Microsoft never acknowledged the fact that the leak was coming from EA/Origin. It was always a bit of a mystery, and I don't even have an Origin account. After I was hacked, I received an E-mail saying thanks for joining Origin/FIFA.

The only constant to the whole scenario was always D-bags hacking your account to buy a ton of FIFA packs with your points. I can guarantee you that the gamertag you saw was an accomplice to the scam. After purchasing the FIFA packs, they have to trade the good cards with someone else to get them off of your account IIRC.

Also, check your gamerscore, if it's the same scam as last year you should have FIFA13 showing as a recently played game, possibly with 10-15 points if the achievements are the same as last year's version.

 

[mindatlarge]

[quote name='Kerig']Also, check your gamerscore, if it's the same scam as last year you should have FIFA13 showing as a recently played game, possibly with 10-15 points if the achievements are the same as last year's version.[/QUOTE]
Yeah, my gamerscore will forever be tainted with the achievement "Mr. Manager" (Take Control of your own FIFA Ultimate Team). They also booted up a Flight Simulator game for Windows for some reason.

 

[JasonTerminator]

[quote name='mindatlarge']Yeah, my gamerscore will forever be tainted with the achievement "Mr. Manager" (Take Control of your own FIFA Ultimate Team). They also booted up a Flight Simulator game for Windows for some reason. [/QUOTE]

Yep. And Microsoft refuses to remove achievements for any reason. Unless you cheat for them, in which case they'll wipe all of your achievements.

Pretty stupid system IMO.

 

[mindatlarge]

Just an update, the Microsoft refund for $124.98 went through. I'm actually pretty impressed with how they handled my situation and how fast they got my money back to me. They don't seem to be ing around.

 

[Spokker]

[quote name='mindatlarge']Just an update, the Microsoft refund for $124.98 went through. I'm actually pretty impressed with how they handled my situation and how fast they got my money back to me. They don't seem to be ing around.[/QUOTE]

At this point I would say they are responsible for not patching this huge ing hole. End the FIFA card nonsense. They can shut down multiplayer matchmaking servers but they can't shut down this FIFA crap? End it if it cannot be secured.

 

[defpally]

[quote name='Spokker']At this point I would say they are responsible for not patching this huge ing hole. End the FIFA card nonsense. They can shut down multiplayer matchmaking servers but they can't shut down this FIFA crap? End it if it cannot be secured.[/QUOTE]

I have heard of these hacks that get turned into FIFA stuff. What is it about that game that is drawing all of the hackers? Is their DLC so amazing or valuable or is there something about that game that enables the hacks? Or is it just an amazing grey market on the content? Obviously Origin is involved, but Origin is in lots of their games - Dragon Age, Mass Effect, Kingdoms of Amalur, etc.

I understand FIFA is a really popular game, particularly in Europe, but I would think that stolen points would be used all over the place and not just on FIFA. What am I missing in this?

 

[JasonTerminator]

[quote name='defpally']I have heard of these hacks that get turned into FIFA stuff. What is it about that game that is drawing all of the hackers? Is their DLC so amazing or valuable or is there something about that game that enables the hacks? Or is it just an amazing grey market on the content? Obviously Origin is involved, but Origin is in lots of their games - Dragon Age, Mass Effect, Kingdoms of Amalur, etc.

I understand FIFA is a really popular game, particularly in Europe, but I would think that stolen points would be used all over the place and not just on FIFA. What am I missing in this?[/QUOTE]

From what I understand it's a form of money laundering. People buy packs for FIFA, which can be traded to other XBL accounts, making it difficult to track. I'm sure there's a website somewhere where people spend money to get certain cards, and FIFA is an extremely popular game.

I agree that EA should shut the whole system down, since it's clearly such a favorite for hackers, but they have no real obligation to do so.