Author Topic: Origin (EA) password reset  (Read 69 times)

Snique

  • Cupcakes Member
  • Hero Member
  • *
  • Posts: 1789
Origin (EA) password reset
« on: September 19, 2017, 01:36:26 PM »
This afternoon I got an email saying, in part:
Quote
The password for your Origin account was recently reset because a standard systems analysis indicated that your user name and password may have been subject to suspicious activity.

I haven't used my EA/Origin account for quite some time. The email contains a URL that purports to go to signin.ea.com but in fact goes to http://click.e.ea.com/ followed by a very long token. Chrome barfs on this because "too many redirects" which is a typical thing to do when someone is URL spoofing.

So I wonder if anyone else got such a mail and what your experience was?

Edalia

  • Red Velvet
  • Cupcakes Admin
  • Hero Member
  • *****
  • Posts: 4128
Re: Origin (EA) password reset
« Reply #1 on: September 19, 2017, 02:56:20 PM »
I wouldn't put my password into a URL that isn't https, but it's not out of the realm of possibility that your username/password hash pair showed up in a hacked dump. Or that someone was using it for nefarious purposes.

The usual "Change Password" email I've gotten from EA.com similarly displays a long https://signin.ea.com URL with a token, but directs you to click.e.ea.com . If you care about your Origin account, I'd go to signin.ea.com, choose "Forgot password?", change your password, and turn on 2FA.
o/\o