Security News Roundup: EA's Origin Platform, Adobe Forum Supposedly Hacked; Skype Patched Too
It was a busy day for EA, Microsoft and Adobe.
Wednesday was an interesting day for several service providers on the Internet.
For starters, reports surfaced that EA Origin accounts were being hijacked, including one owned by Digital Foundry's Richard Leadbetter. Origin users were alerted to the attack by email, saying that their account's email address or password – or both – were successfully changed. Thing is, these users didn't change their info, indicating that their accounts had been compromised.
Eurogamer points to threads on NeoGAF detailing numerous complaints from EA Origin users. Many have also reported that they've been completely locked out of their account, and faced a reluctant EA support team. One GAF member even took a step further by tracking down the user who took over his account, discovering the hacker to be based out of Russia.
EA eventually released an official statement regarding the hacking claims, but didn't approach the topic at hand directly. "Anytime a player has a question about the security of his or her account or personal data, we take it very seriously and take all possible steps to help," the company said. "For any customer who cannot access their Origin account for any reason, we ask them to please contact Origin Help or EA's customer experience group at help.ea.com."
Meanwhile. Microsoft faced a security issue of its own through Skype on Wednesday. The company suspended Skype password resets to fix a flaw that allowed hackers to gain control of an account simply by using an email address. The company said the issue affected a small number of users who have multiple accounts registered to one email address.
"We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly," the company said. "We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."
While Microsoft was busy patching Skype, Adobe was busy shutting down Connectuser.com, a community forum site for Adobe Connect Web users. A hacker named "ViruS_HimA" claimed that he broke into one of Adobe's servers, and copied a database containing email addresses, password hashes and other info of more than 150,000 Adobe customers.
As proof, the hacker published a limited set of 644 records with email addresses ending in adobe.com, .mil and .gov.
"As soon as we became aware of the hacker's post, we launched our investigation, which (based on the information leaked by the hacker) led us to determine that the hacker appears to have compromised the Connectusers.com forum site," said Wiebke Lips, Adobe's senior manager of corporate communications, Wednesday via email to Computerworld.
"We are in the process of resetting the passwords of impacted Connectusers.com forum members and will reach out to those members with instructions on how to set up new passwords once the forum services are restored," Lips added.
It's just another day in the virtual wild west. Time to pull out a paperback book.
Paperback book?!?!? What's that?
When different parts of the company, Customer Service and Public Relations, lack coordination...
I disagree on the security experts part, instead of this half baked thing called Origin they need to stop the attempt at a money grab and use steam.
Do agree with the rest.
I miss the old days.
you cant contact ea without an account
fantastic.
seriously, any origin enabled game i will NEVER buy,
goog bye sim city, seeing as how they can CHANGE THE USER NAME so you have no access to the account, its sickening.
oh, and here is the kicker, you only get online chat. no email, no phone number. chat....
i barely type 23 words a minute, and i suck at writing on the fly, fan (sanction avoinding word) tastic.
oh yay, my account got hijacked, and without an EMAIL CONFIRMATION had my username changed.
the most basic of basic security measures, and they couldn't even do that.
yea that sucks man i know. security major myself i know how these things are done.
While i was looking into how to contact EA support, which is a challenge all by itself, i noticed some hijacked accounts had their date of birth changed! Why the hell is this even changeable? its not like i get reborn every few months...
Problem is, you need your DOB and a CD key to restore the account. If the DOB is changed then you're screwed. Just requiring these 2 bits of information is bad too since the hijacker can get into your account by contacting EA support and giving them the same details, since origin shows your CD key and DOB ><
EA really need to step up their security, they at least need a secondary email and a better way to contact support (yay for having to register again). This is why i
but i dont, and i cant even express how angry i am about this crap here, i have to censor every sentance i say because im adding in words that will get me sanctions.
i mean i get it, crap gets hacked,
but they changed my user name
they changed the email
they changed the password
all without 1 confirmation.
my steam account got hacked a while back too, but they never got through before i changed my password because they needed to get into my email too, to get to my 4 diget code you have to answer whenever steam is opened on a different browser or computer.
most of my accounts have been hacked, or attempted to be hacked at one point in time or another, and they only got through once, and that was twitter that i dont use, just have because i thought it may have been usefull.
i cant understand why, on an online platform that takes a credit card information, they have such lax security.
i wanted sim city, i was going to put up with origin for it, but no, no no no no no no no no NO!
i will never return to that platform again, and i just want my account back for piece of mind, and nothing more.
For the children D:!
The players did not though, and they're the ones suffering. So %^$@ you instead.
Think of who's really affected here. It's not EA, they don't give a damn. It's the players who'd like to play ME3, BF3 and so on, and despite people hating on Origin (which is BS, at least the reasons they list: Origin has a big number of downsides compared to Steam - no regular sales, region locks etc. - but the USUAL reasons people list are just retarded... "OMG I HATE ORIGIN BECAUSE IT'S NOT STEAM") these are great games and no one should get away with stripping players who bought the games of access to them.
I'd be very, VERY upset if my Origin account got taken away from me, 'cause even though I own just one game - Mass Effect 3 - I enjoy the hell out of it, Origin or not. I'm glad I'm not affected, though from what I'm reading here, there isn't really much I can do to further secure my account
I bought the entire ME trilogy, grabbed 3 from elsewhere, because I refuse to use Origin. Not because it isn't steam, but because it isn't safe, it is an inferior service, I don't feel comfortable putting my information anywhere near it.
So, good luck EA, and I wish the best to all of you that are affected, but this is another nail in the Origin coffin.
Have fun dealing with consiquences.