The live chat support for EA's Origin client has had its share of hilarious ineptitude in the past, but a new report indicates the service may have fallen victim to something far more serious.
Members of the GSN Gaming forums are claiming that hackers have begun to take advantage of chat support to hijack Origin user accounts en masse, locking paying customers out of their accounts with no easy way to reclaim them.
The attack allegedly exploits a loophole in EA's security policy, whereby support representatives are authorized to change the e-mail on any Origin account so long as the customer can provide the current e-mail and birthdate that are linked to the account. Unfortunately, that information is relatively easy to find on social networks and forums, giving hackers the means to redirect any account to an e-mail they own. Once that's done, they can use Origin's account recovery features to change the password on the account, locking out the owner.
So what's to stop the owner from doing the same thing to take it back? Apparently, Origin support only keeps your account's current e-mail address on file. That means the legitimate owner of the account will have no way to change it back unless he knows the address the hacker used to steal it. As a result, those with hijacked accounts are reporting that EA has asked them to open new accounts.
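A defender-side check for the chain described above, as an added example that is not from the original article or from EA: it scans an account audit log for a support-initiated e-mail change followed shortly by a password reset, and keeps the displaced address so the original owner can still be contacted and verified. The event schema, actor names and 24-hour window are assumptions, and the log entries are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events using a hypothetical schema:
# (timestamp, account_id, event_type, actor, detail)
EVENTS = [
    ("2013-01-05T10:00:00", "acct-1", "email_change", "support_chat",
     "old@example.com->new@example.net"),
    ("2013-01-05T10:07:00", "acct-1", "password_reset", "self_service", ""),
    ("2013-01-06T09:00:00", "acct-2", "email_change", "self_service",
     "a@example.com->b@example.com"),
    ("2013-01-06T09:05:00", "acct-2", "password_reset", "self_service", ""),
    ("2013-01-07T12:00:00", "acct-3", "email_change", "support_chat",
     "c@example.com->d@example.org"),
    ("2013-01-09T12:00:00", "acct-3", "password_reset", "self_service", ""),
]


def find_takeover_chains(events, window=timedelta(hours=24)):
    """Flag accounts where support changed the e-mail and a password reset
    followed within `window`. The previous address is retained in the alert,
    which is the record the article says support did not keep."""
    pending = {}  # account_id -> (time of change, old address, new address)
    alerts = []
    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts, account, kind, actor, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "email_change" and actor == "support_chat":
            old, _, new = detail.partition("->")
            pending[account] = (when, old, new)
        elif kind == "password_reset" and account in pending:
            changed_at, old, new = pending.pop(account)
            if when - changed_at <= window:
                alerts.append({
                    "account": account,
                    "previous_email": old,  # where to notify the real owner
                    "new_email": new,
                    "minutes_after_change": int(
                        (when - changed_at).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_takeover_chains(EVENTS):
        print(alert)
```

Only the first constructed account is flagged: the second changed its own e-mail without support, and the third reset its password outside the window.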
EA has yet to comment on the reports.
Thanks, Ironhammers.