14 DAY TRIAL // A post on Twitter announced that 1.2 million user credentials for logging into the Electronic Arts’ game digital distribution software are up for grabs for whoever is interested.
The post came from Underground Legion (@UGLegion) on Twitter and linked to a Pastebin file containing 1.218.229 emails and plain text passwords. The list contains email accounts from Google, Microsoft (Hotmail and Live) and Yahoo! and other webmail services.
It appears that every user in the list had registered an origin account using all four main services and in some cases variations of the same username are visible.
In the Twitter conversation it is said that Origin administrators have been informed of the breach and that users are probably to be notified; the stream also contained a hint that the breach occurred though HTTP header injection, where headers are dynamically generated based on user input.
Origin has been breached by #UGLegion http://t.co/teUSMbA0v4 -37MB's of ORIGIN Users; - 1.2million in total. @anon99percenter
— UGLegion (@UGLegion) June 13, 2014
Origin platform allows online game purchasing and downloading them with a client. It is available for both desktop and mobile platforms.
Social features such as networking with friends, chatting with them, checking out the games they’re playing as well as inviting them to join your gaming session. It also sports broadcast capabilities to show other gamers your skills.
"Origin has been breached by #UGLegion," the tweet says, adding that the entire database is 37MB large.
The profile information for the @UGLegion account reads “exposing greedy companies & fake hackers since 2012.”
[Update, June 14, 2014]: An EA representative contacted us to set things straight. Regarding the matter, Sandy Goldberg, Corporate Communications Manager at Electronic Arts told us via email that "there is no truth to this. It was an artificially-generated list that has nothing to do with Origin."
Furthermore, the Origin Twitter account informed gamers that the breach claim had been found to be nothing but hot air.
@kalium We've extensively researched this claim and found it to be bogus. Your security is a top priority for us.
— Origin (@OriginInsider) June 13, 2014