Origin account compromised again

[jaslion]

Hi,

 

So this is the 38th time (since I started counting 2 years ago) my origin account has been compromised. It is always by people either speaking Korean AND they always send friend requests to the same people so I am pretty much confident it is the same people doing it over and over. When I try to log in I get a 2FA message but when they log in I get nothing so they must be bypassing it some way.

 

I have 2FA set up, I have random generated passwords set up, my computer is not compromised what so ever as even after a password AND email change on a fresh never used pc it happened in days again and I did not use the pc for that time or any computer that had a sign in to anything containing passwords.

 

I have also moved password vaults, moved it to 6 other emails, always a complex randomly generated password and it just never seems to work.

 

I am safe from buying anything on it as nothing is linked. I have contacted Origin support about this multiple times and nothing changes. I still get broken into the moment they wish to play Titanfall 2, Bf3 or BF4. My friends that are on my friend list still report me playing at the weirdest of times when I am not even at my pc and it is always those couple of games (I have hundreds of hours in all of those extra when I myself have barely even played 50). It also seems that this is shared between 3 people as there are always 3 nicknames dropped in chat logs they leave open if they aren't mocking me for changing my password again.

 

Oh and the worst thing is they just paste my password in the chat often and have basically said they have flat out access to multiple permanently compromised accounts like mine.

 

What can I even do anymore? There is little of value to me on my origin but it is super annoying. I know I am not compromised anywhere else so that is a nice relief as I've always maintained pretty high security and separate emails and such for different purposes.

[SorryBella]

4 minutes ago, jaslion said:

Oh and the worst thing is they just paste my password in the chat often and have basically said they have flat out access to multiple permanently compromised accounts like mine.

Either whistleblow to someone with agenda against EA (sarcastic option), or tell EA support about it.

 

How about making new accounts? Are they compromised immediately like others? What about scanning through malwarebytes?

[jaslion]

1 hour ago, Benji said:

The thing is, given the fact that he set up his new mail address and such on a non-compromised system makes me think that it has to do with his account in general, like secondary login credentials should that be possible. I am thinking of Google Authenticator or something like that as a 2FA method that they authenticated on their phone and then they just use the "forgot password" option to get in somehow over an e-mail address that he has yet to discover in his account.

The only one I have active is Authy and I do not have a 2FA connection on it with origin.

[jaslion]

1 hour ago, SorryClaire said:

Either whistleblow to someone with agenda against EA (sarcastic option), or tell EA support about it.

 

How about making new accounts? Are they compromised immediately like others? What about scanning through malwarebytes?

Support has been less than helpful about it. It is always the we will reset your password and remove the current 2FA + recovery account keys. Then I go through the proccess of setting it up again and that is the end.

 

I don't believe they permanently compromised my account but I am very confused how they are even getting my randomly generated 20 char long passwords and pasting them in chat with their friends. Oh also their friends basically have no games these are empty accounts so idk what is going on with that.

[jaslion]

1 hour ago, SorryClaire said:

Either whistleblow to someone with agenda against EA (sarcastic option), or tell EA support about it.

 

How about making new accounts? Are they compromised immediately like others? What about scanning through malwarebytes?

My secondary origin has not been compromised and that has been logged into from my pc quite often. Malwarebytes brings up nothing as usual. I've monitored network traffic and everything but there seem to be no suspicious connections.

[Soag]

The idea of verified authentication method - or something similar - lines up with you not receiving 2FA messages when they get it.

Also, how come their accounts aren't banned, yet?

Haven't you made screenshots of those messages they leave you and added that info for support team? They should even be able to check their connection details and permaban them from accessing Origin. It's not like they plan to spend money there anyways. Ofc unless they use something to change their details e.g. VPN.

[jaslion]

17 minutes ago, Soag said:

The idea of verified authentication method - or something similar - lines up with you not receiving 2FA messages when they get it.

Also, how come their accounts aren't banned, yet?

Haven't you made screenshots of those messages they leave you and added that info for support team? They should even be able to check their connection details and permaban them from accessing Origin. It's not like they plan to spend money there anyways. Ofc unless they use something to change their details e.g. VPN.

Yeah all have been reported and so far 4 have left my friends list so I assume these are gone now. This isn't the first time I've done all of this.

 

The weirdest part about 2fa is that the only 2fa I allow is email nothing else support even made sure that it would not be able for me to set up 2fa on anything but my email with a time limit for 6 months and this happened again after not even a month after the last time.

[Revdudeson]

I think it has to do with Origin because I have had my account compromised the same way 4+ times with them bypassing 2FA as well. Surprised it's not a bigger issue. Haven't experienced many problems since resetting password to randomly generated and changed email though. Definitely would contact support about it? Or maybe like said before in the thread, creating an entirely new account?