Passrock has been upgrading our data-aggregation engine throughout 2015. The upgrades have focused on both the locations where we search for compromised user credentials as well as upgrading our ability to associate the credentials to a service/enterprise. Based on the past 6-months of data collection, we thought it would be interesting to do a deep dive on one service and share our findings in 2015.
The service we are doing a deep dive around is EA’s Origin.
Here are the number of compromised credentials that Passrock identified in 2015 by month for Origin:
| January | 28,720 |
| February | 4,054 |
| March | 4,231 |
| April | 1,767 |
| May | 2,805 |
| June | 2,152 |
| July | 14,323 |
Looking at the monthly trend for Origin versus the monthly trend for all the data that Passrock aggregated during these seven months, Origin’s trend was more extreme. January and July were 57% higher than the February through June time period for all the data aggregated by Passrock versus Origin’s January and July were 6X the remainder of the year.
Looking more closely at the distribution of compromised Origin credentials by day during each month, we’ve put together the chart below.
To provide clarity around the chart, the row in January represents:
6 days with >1000 compromised Origin user credentials identified, 2 days with 500 – 999 compromised Origin user credentials identified, 6 days with 100 – 499 compromised Origin user credentials identified, 10 days with 1 – 99 compromised Origin user credentials identified and 7 days with 0 compromised Origin user credentials identified. Finally, In January, 55% of the days in January had 0 – 100 compromised Origin user credentials identified. February – June, the majority of the compromised Origin credentials identified were identified in 4 – 6 days during the month.
| # | January | February | March | April | May | June | July |
| >1000 | 6 | 1 | 1 | 0 | 1 | 1 | 2 |
| 500-999 | 2 | 2 | 0 | 2 | 1 | 0 | 6 |
| 100-499 | 6 | 3 | 5 | 2 | 3 | 3 | 2 |
| 1 – 99 | 10 | 9 | 10 | 6 | 11 | 6 | 12 |
| 0 | 7 | 13 | 15 | 20 | 15 | 20 | 9 |
| Total | 31 | 28 | 31 | 30 | 31 | 30 | 31 |
| 0-100 | 17 | 22 | 25 | 26 | 26 | 26 | 21 |
| % | 55% | 79% | 81% | 87% | 84% | 87% | 68% |
The majority of the Origin compromised credentials were identified and aggregated from 9 locations — 3 private forums, 3 paste sites and 3 cracking sites.
Through reading the discussions and news across the web, it appears that Origin had a major issue in January 2015. The articles indicated that it was a result of cracking, details here. Through doing more research, this Reddit post shows the extent of the issue. Also, in July it appears that EA transferred all their Origin accounts to EA accounts, details here. Curious to here your thoughts on the primary causes of Origin’s compromised user credentials?
If you are an Origin member or suspect you have data compromised:
Passrock offers a free service to check your accounts here.
Passrock also offers a notification service for breached data for consumers and enterprises, check them out here.
Also, Passrock recommends Dashlane as a tool to manage strong passwords simply.
Passrock welcomes your feedback, questions and insights around this post, as we work to expose the data on the dark web to consumers and enterprises.
Stay Safe!
The Passrock Team
getpassrock.wordpress.com 
My son is a hard core xbox game player. Around 2 months ago he began having issues. Reported to Microsoft multiple times that appeared his account had been hacked. Also, all kinds of charges appearing on his credit card and mine (when I had used to purchase MS XBox yearly subscription). Still to date we have not had sufficient help from Microsoft to get to the bottom of the problem. Several times when I’ve called to inquire about charges they disconnect the call. The merchant via the charges appear to be: MSFT *Xbox Live Bill.XBOX.COMWA; Microsoft *Bill.MS.NET WA; and MSFT *XBOX Live NV. some amounts show on his Microsoft account billing history, yet not many. I did find a list of various payment/transactions under his Google account. At a lost as to how to handle. This past two month alone charges totaled over $400. Can anyone help with advice on whether or not I should pursue with these unknown charges and ones that don’t seem correct? like Battlefield; According to his Microsoft account and bank he purchased online 8/20/2015 and paid $59.12 then the following charges on 9/7/15 $14.77, 9/21/15 $49.26, 9/21/15 $49.26 (yes, that’s correct $49.26 twice in one day). In addition to all of these back when he was playing Fifa 15 all kinds of charges which also added up to hundreds of dollars.. Any help from honest people would greatly be appreciated. Deb S. (Bellevue, WA) – debbiest@jps.net
LikeLike