Global Conflict

http://www.eurogamer.net/articles/2012- ... g-hijacked

EA denied any breach about 3 weeks ago. But seeing how EA treats bugs in their games, I have little faith in Origin's security. And using a players ingame name as a Origin login opens everyone open to brute force password attacks that plays BF3. Poor security implementation by EA.


At least Blizzard made a big announcement when they were breached a couple months ago.

Gwynzer wrote:

LoA wrote:Also use both small and capital letters, aswell as numbers and characters.

Or . . .

Interesting.

But in this case that doesn't matter, since the russians already got their hands on your password. Most websites store your password as a md5 hash and the hackers needs to decrypt them in order to decipher the actual password. That's why having a more complex password is good when things like this happens, it takes alot more time to decrypt them.

Wouldn't be surprised if EA stored all password as clean text though.

henidhor wrote:Wait a minute, so everyone is freaking out and trying to change their password because some kid on the internet experienced reputable youtuber made some ridiculous claim with no factual basis of official mention? Not to mention the fact that this random person on the internet makes money by attracting your views through sensationalist headlines?

C'mon guys, look a little deeper than the headline.

This is taken straight from Origin's Facebook page. This post might be a reference to the security breach that is being discussed in this thread.

It's a good thing I have a pretty crazy password.

What pisses me off is their refusal to accept special characters in passwords. Expanding the search space is the name of the game, not restricting it. Reminds me of a company I used to work for requiring you to have exactly six characters for a password. What the hell.

Or . . .[/quote]

Why have I never thought of this myself!

ShadowRado wrote:Or . . .

Why have I never thought of this myself! [/quote]

Unfortunately, a lot of places only allow you to have a maximum of 16 characters.

I did some digging, and a story from mid November same time line these issues began to occur. The information was acquired from pcs infected with keyloging/malware used to acquire the information. Click me to read the whole story.

The last time I changed my password, I couldnt play for ~1 week. Couldn't login anymore. Because of Origins strange behaviour.

You can change your password to anything you want while changing it in Origin (The client), but you are limited to 16 characters and no special characters when changing it on EAs website. So careful where and to what you change it. Had big Problems with this...

I feel pretty safe with my password system (different email and password for Origin, Domain and email Account). But when they get my email and password through Origin and are then able to change both via Origin, I cant really do much.
I heard somewhere you can add a security question, when you ask for it via support. Not sure if its ture and how it will work, but I might check that out later.

Gwynzer wrote:

LoA wrote:Also use both small and capital letters, aswell as numbers and characters.

Or . . .

hahah is this true?!?

Yus.

sorry but hes just showing the game screen, and talks, like everyone on youtube.
if it did happen at least show screenshots of that.
also no link to news post about it, no where even unofficial site.

wont do anything. i can post youtube about gladious wrecking loa vid card
and how dangerous it is to play in the same server with them...
get real. kid or no kid, there are ways to back words up...

im with digz.
1) no one stolen any of my accounts before.
2) i have only BF3+premium in Origin.
3) no facts in the vid.
EA is the most hated organization (according to some survey) so people posting how EA suck is not a surprise.
if someone stole the entire origin user list with all their info, i'd believe EA would do something about it, because if they don't and it gets out, no one will ever trust EA again. not to mention law suits and all of that (there are regulations on what and how to store sensitive data). just the huge sell drop after it gets out doesn't make it worth to keep it quite and not do anything about it.
i'd expect the minimum would be to send an email telling you to change your password.

peoples accounts being hacked because they are careless. their passwords are stolen by viruses (key loggers) or fishing sites, and they blame it on EAs security.

LoA wrote:But in this case that doesn't matter, since the russians already got their hands on your password. Most websites store your password as a md5 hash and the hackers needs to decrypt them in order to decipher the actual password. That's why having a more complex password is good when things like this happens, it takes alot more time to decrypt them.

You can not decrypt a hash because no encryption is being used. It's a hash, the original content is not in there.

LoA wrote:Wouldn't be surprised if EA stored all password as clean text though.

I would be, really. They are not some stupid script kiddies.

This Thread is kinda old.. but anyways...

Had to reinstall Windows and after starting Origin again I had to set a security question. Dont know if its for everyone yet. News is 2 Days old. But something is happening.
Infos:
https://help.ea.com/article/why-is-orig ... y-question

So maybe EA cares about our accounts after all.

Even if there was no mass compromising of Origin accounts it's always a good idea to regularly change your account password. That's obviously not practical for all sites, but for any account that you regularly use and has a connection to your billing information it's a good habit to get into.