New to the forums? Click here to read the "How To" Guide.

Developer? Click here to go to the Developer Forums.

Apparently EA/Origin Credit Card system has been hacked...

captaintripscaptaintrips Posts: 313
Art3mis
edited July 2014 in General
This HAD to happen just a week before they start shipping. :(
Couple weeks back, I made a joking comment in a thread "they really should start charging payments before my credit card gets hacked again, as its happened almost every 90 days on the mark".
Guess I should have kept my mouth shut.

So I check my bank statement today, and sure enough, 4 unauthorized charges, totaling almost $150 from EA and Origin services (some duplicated) on my bank/credit card.

So I'm like "I didn't make these charges, wtf"... so I google them... and sure enough, thread after thread of recent posts about people with similar fraud, with far worse charges. Apparently EA/Origina wont acknowledge its a problem yet.

http://www.whatsthatcharge.com/ORIGIN-COM-EA-REDWOOD-CITY-CA



EITHER way, my credit card is disabled and I wont receive a replacement for several days. I pleaded with my bank to leave the card open and monitor any activity and just call me to approve it, but they refused, and would only shut down my card. They did acknowledge that they knew of this issue since as early as last week from other activity on other accounts. This close to shipping... damn it.

Only other method I can do until that card arrives is paypal. Guess my place in line is tossed out the window.

I'd advise everyone else here that uses EA/Origin to keep a very close eye on their CC accounts.

Comments

  • TheShawnsterTheShawnster Posts: 39
    Brain Burst
    send a message to oculus with a different credit card, you can get pre payed and or cash on the go credit cards and ask oculus to change the credit card im sure they would love to help out
  • captaintripscaptaintrips Posts: 313
    Art3mis
    send a message to oculus with a different credit card, you can get pre payed and or cash on the go credit cards and ask oculus to change the credit card im sure they would love to help out


    actually that's a really damn good idea. my bank was like "well we don't issue temporary cards, but your new one will be in within 7 business days... kthnxbye!"


    might give that a try
  • TheShawnsterTheShawnster Posts: 39
    Brain Burst
    also you should sign up for a prepayed mastercard they are way more reliable, cant take money that is not there...

    well for online transactions anywase
  • NetNAVINetNAVI Posts: 1
    Glad I've been haunting the forums watching for dk2 shipment info :lol: as soon as I spotted this I change my Origin password luckily I have no payment info linked thank you!
  • ThreeEyesThreeEyes Posts: 2,230
    NerveGear
    Any systems that take credit card info need to be locked down tight as all hell. Sorry Trips. That sucks.

    On the plus side (if there is a plus side), Cyber said people won't lose their place in line. Just watch for that e-mail for billing info and here/reddit for when people start posting about them hitting, and update ASAP.

    But that does suck. Rift stress. Maybe someone should do a fraudulent credit card charge simulator...
  • archaicbereftarchaicbereft Posts: 363
    Hiro Protagonist
    Contact Oculus support, from everything I have read people get great responses from them and they are more than willing to help you.
    Almost any idea can seem obvious once the inventor tells you how it works.
  • cyberealitycybereality Posts: 26,156 Oculus Staff
    You can contact Oculus support, but unfortunately we are not able to update or change payment information manually. However, we are working on a web page that will let customers do this themselves. Obviously there is not a lot of time left, but we are hoping to have this working soon.
    AMD Ryzen 7 1800X | MSI X370 Titanium | G.Skill 16GB DDR4 3200 | EVGA SuperNOVA 1000 | Corsair Hydro H110i
    Gigabyte RX Vega 64 x2 | Samsung 960 Evo M.2 500GB | Seagate FireCuda SSHD 2TB | Phanteks ENTHOO EVOLV
  • captaintripscaptaintrips Posts: 313
    Art3mis
    edited July 2014
    Well that's my luck.

    Order it as soon as I see the email, couldn't use paypal because paypal option wasnt working from the rush of people flooding the site so I had to use credit card (which this is why I hate doing it), LITERALLY wait for this week to come for months, checking my bank account everyday to make sure everythings good, and then, of course, the week that the the DK2 is supposed to ship.... boom, some jerk out there trolls me and steals my credit card and effectively eliminates me from being able to complete my order and just so happens to be THIS, of all weeks, and there's no apparent way to correct it (at least not yet).

    Excuse me while I go jump off a cliff, gentlemen....

    But in all seriousness, I'll just wait to hopefully get that "you card has been declined" email, and keep my fingers crossed that you guys are able to accept another card or method of payment at that time.

    There is some dialbolical, evil force at play here trying to do everything it can to keep me from getting a DK2 in a timely manner. I'm certain of it.

    :cry:
  • RirtualVealityRirtualVeality Posts: 737
    Nexus 6
    Damn...this scared the shit out of me. Just checked...all good so far. :?
  • michealvmichealv Posts: 307
    I also had a check, will be keeping a close eye on the account over the next couple weeks, thanks for posting this I wouldn't have known otherwise.
    CPU: Intel i7 4770k 3.8ghz (water-cooled) | GPU: G1 980ti 6gb | G.Skill Ripjaw's 16GB DDR3 1600mhz | 28" Samsung LED 4k monitor (60hz display port) )
  • RedRizlaRedRizla Posts: 6,926 Valuable Player
    So is Origin asking that you change your password because I never got an email from them?
  • michealvmichealv Posts: 307
    lovethis wrote:
    So is Origin asking that you change your password because I never got an email from them?

    Apparently they are refusing to acknowledge anything, I couldn't find much on it myself.
    CPU: Intel i7 4770k 3.8ghz (water-cooled) | GPU: G1 980ti 6gb | G.Skill Ripjaw's 16GB DDR3 1600mhz | 28" Samsung LED 4k monitor (60hz display port) )
  • AlciAlci Posts: 218
    Maybe it's not Origins fault then. You know, 95% of "hacked" accounts actually means people gave up name/password "willingly" because they don't follow basic rules. They don't even know that so the only only explanation is "magic" of hacking. That's how it is.
  • amegasamegas Posts: 59
    Hiro Protagonist
    Is there an official statement?
  • fabsterpalfabsterpal Posts: 86
    To be honest, this is all your fault. EA pump crap out like FIFA on a yearly basis and you except their servers to be secure? Bah!
  • InditronicInditronic Posts: 59
    Hiro Protagonist
    i dont know, you say it happens every 90 days to you. i also have a credit card and used it at many websites incl. origin and thinks like this never happened to me. you must do something wrong. maybe check how strong your password is.
  • RiftXdevRiftXdev Posts: 847 Poster of the Week
    I'm not changing my payment information. If the card happens to get hacked then I'm sure the bank will return my money. If Oculus can't bill the card I'm sure they'll ask me for another card which I'll give them.

    I have a habit of not really worrying about things until I need to.
    DK1 | DK2
    "The question isn't who is going to let me but rather who is going to stop me"
  • I'm sure if Origin had really been hacked, we'd know about it seeing as they have millions of users.

    Sounds like your card has been skimmed or the details were gotten elsewhere. It happens.
  • fabsterpal wrote:
    To be honest, this is all your fault. EA pump crap out like FIFA on a yearly basis and you except their servers to be secure? Bah!

    No1, it's clearly not his fault, EA is a major publisher and you would expect them to keep cards secure.

    No2, there is no proof Origin has been hacked.
  • captaintripscaptaintrips Posts: 313
    Art3mis
    I am merely implying that I had 5 unauthorized charges on my bank statement. I searched these charges, and I literally found page after page of others who had been charged upwards of $150 in simular fashion to the same EA/Origin charges, though there were also a couple other charges not related to EA/Origin.

    This appears to have started last year, and still continuing today according to many others out there... but let me correct myself: It might not be Origin that got hacked, but some other commong service (which is apparent) that must have had some sort of credit card database breach. Who and what, I have no idea.

    My bank was already aware of the problem, and their systems automatically shut off my card.

    Fortunately, a family member is allowing me to use their card (should I not have my replacement card) in the case that Oculus goes to ship my order this week and it fails payment. I'm hoping that "you can update your payment information with us at that time without losing your place in line" is still the case.... though from what cyberreality is stating (and i could just be misreading his statement), if your credit card is no longer valid that you ordered with, they may not have a system in place to allow you to change payments until much later. Is that what im reading on his reply, or is that not what he's saying?
  • ThreeEyesThreeEyes Posts: 2,230
    NerveGear
    No1, it's clearly not his fault, EA is a major publisher and you would expect them to keep cards secure.

    No2, there is no proof Origin has been hacked.

    You would expect a lot of retailers/vendors would keep their systems secure but many don't. Many times it's sloppy security on their part but other times it's hardware hacks located on their premises where someone gained access and installed a small server on their internal network, accessed their network through unsecured wireless, etc. There are also zero day exploits where hackers find a hole and exploit but nobody even knows about it to fix it even if they have the best security team in the world.

    Computer security is a very complex topic and the thieves are very motivated. Billions of dollars is a powerful motivator. Add to that the fact that many execs think of their IT security as wasted money that doesn't really return on investment so they always strangle it for resources and it's no wonder so many get hacked and it ultimately puts some of them out of business.

    It could be Trips was phished but maybe not. All you have to do is visit a website that has been compromised and it can attack your computer automatically. Many brand name websites have been hacked and so have many others you might consider "safe" and "secure". Once compromised, when anyone visits, the code asks for version numbers of installed software and serves up the appropriate attacks. This stuff happens all the time and once you are compromised code on your computer watches for credit card information, login and account information, captures it, and sends it out to those who either want to resell it or use it themselves.
  • captaintripscaptaintrips Posts: 313
    Art3mis
    heh, threeEyes, you seem like you know quite a bit about this topic :P

    BUT, in all seriousness, my bank issued me a temporary replacement card since my actual replacement wont be in for about a week. Course, the new cards are new numbers, so either way, I've still got to have hope that oculus gets its CC update system in place for denied card payments before they attempt to ship them.

    The bank was pretty much like "We won't open the old card backup no matter what the urgency or whatevers pending payment to it. Thats just a inexcusable vulnerability we'd get in trouble for. But here's a new card. Good luck. It's the best we can do."

    Fingers crossed!!!


    EDIT AND UPDATE: Disaster averted. Oculus support contacted me saying that I'll be able to resolve the issue once my payment is charged and declined, then it will permit me to update that card info without any interruption. :D
  • pandaspurpandaspur Posts: 42
    ThreeEyes wrote:
    No1, it's clearly not his fault, EA is a major publisher and you would expect them to keep cards secure.

    No2, there is no proof Origin has been hacked.

    You would expect a lot of retailers/vendors would keep their systems secure but many don't. Many times it's sloppy security on their part but other times it's hardware hacks located on their premises where someone gained access and installed a small server on their internal network, accessed their network through unsecured wireless, etc. There are also zero day exploits where hackers find a hole and exploit but nobody even knows about it to fix it even if they have the best security team in the world.

    I think you watch too many hacker movies/tv shows.
  • ThreeEyesThreeEyes Posts: 2,230
    NerveGear
    pandaspur wrote:
    I think you watch too many hacker movies/tv shows.

    Actually, part of my job is computer security. It's real. And a lot more.

    I wish it wasn't so real. What happens on the internet is pretty amazing. The hacker movies overly simplify things and show really stupid interfaces, but the realities of what goes on are pretty amazing.

    If you think what I said isn't believable, you should do some research.

    You highlighted the bit about unsecured wireless and servers implanted on an inside network. Try these...

    http://www.zdnet.com/blog/ou/tjxs-failure-to-secure-wi-fi-could-cost-1b/485

    https://www.pwnieexpress.com/penetration-testing-vulnerability-assessment-products/sensors/pwn-plug-r2/

    http://arstechnica.com/business/2012/03/the-pwn-plug-is-a-little-white-box-that-can-hack-your-network/
  • pandaspurpandaspur Posts: 42
    ThreeEyes wrote:
    pandaspur wrote:
    I think you watch too many hacker movies/tv shows.

    Actually, part of my job is computer security. It's real. And a lot more.

    I wish it wasn't so real. What happens on the internet is pretty amazing. The hacker movies overly simplify things and show really stupid interfaces, but the realities of what goes on are pretty amazing.

    If you think what I said isn't believable, you should do some research.

    You highlighted the bit about unsecured wireless and servers implanted on an inside network. Try these...

    http://www.zdnet.com/blog/ou/tjxs-failure-to-secure-wi-fi-could-cost-1b/485

    https://www.pwnieexpress.com/penetration-testing-vulnerability-assessment-products/sensors/pwn-plug-r2/

    http://arstechnica.com/business/2012/03/the-pwn-plug-is-a-little-white-box-that-can-hack-your-network/


    I won't get into how those alone wont help you get usable credit card info from a PCI compliant corporate infrastructure.

    A retailer with POS systems on a badly segregated and unprotected network is another story. A very very sad story.

    But I'd bet EA didn't get compromised (not because EA is smart, but because the % of people complaining is tiny).
    OP needs to pick better passwords.
    I've had my Origin account stolen before, but lost nothing since no CC info was saved on my account.
    I did log on to BattleLog to see someone had changed my BF3 nickname and played a few rounds though.

    EDIT: But oh, on another note, I'm glad the OP got everything sorted out with Oculus.
  • ThreeEyesThreeEyes Posts: 2,230
    NerveGear
    I have no idea how things got compromised at EA - if they were even compromised at all. I was just saying if they were compromised there are various ways it could happen. And sadly, there are still plenty of places that should be PCI compliant but are not. The Pwnplug stuff is great for penetration testing but employees fall for it all the time nd they do get planted. It's probably much more rare to have it happen in real life with similar hardware but it does happen. Key loggers and online ruses are possibly more likely. Who knows?

    But I'm also glad Cap'n got his stuff sorted and OVR will work with him and others.
Sign In or Register to comment.