Possible Identity Theft Issue

Eleven · 02-16-2011, 08:06 PM

This concerned me when it happened today, and still does. I'm not quite sure what to do next other than the simple steps I have already taken.

Me and my sons used to play Dark Age of Camelot (online MMORPG for anyone who doesn't know. It is similar to World of Warcraft). We stopped playing regularly a couple years ago, and closed the 2 accounts.

So, I remained in control of the accounts, they were just inactive. We did activate a free trial last month but didn't play. My son had continued to play several 'free shards', private run game servers that didn't cost money to play. Most required some form of message board membership, so players could communicate with each other, and the game servers admins could verify who was playing. These servers were notorious for being hacked, but it didn't matter much, you just start over somewhere else.

I suspect on some of these, my son used our old legit DAoC account login info, just to make it easier for him to remember.

So today I get an email from EA-Mythic that our main account contact info and password had changed. That email also noted what the info was changed TO. I called immediately and being the original account owner, I had the 'secret word' that serves as proof to EA of the true account owner. (The second account was never affected, of course it has a different name)

I had all the info changed back, the customer service rep said the account had not been activated, so I was sure nothing had been stolen or vandalized (in the game, items are worth money and people buy and sell with real money, and malicious people will gain access to an account and delete things out of spite).

Right after the phone call, I checked the online account management page and saw that the account now had a '30 day prepaid time card' activated and the account was now active. Only 2 reasons for this: the CSR gave me the free month (doubtful, he didn't mention it) or the hacker activated the account *just* before I gained back control of the account.

So I logged in to just do a quick check and nothing was out of place, everything was where I left it. I left the character logged in and the game running for a while, just in case anyone in the game would happen to message the character, sometimes hackers and account thieves take note of characters and communicate through them.

About 15 minutes later, the phone rang and I immediately recognized the area code, as the same one that my contact info had been changed to, but it was a different number.

I answer and some guy says "Is this Scott?", I said yea and he says "My name is Mike, did you have some issue with your DAoC account?" and I replied that I had. He then said "OK, I'm sorry about that, but I had just bought that account, were you selling it?" He also said "Mythic told me the original account owner changed all of my info back".

Of course I wasn't selling, and told him so. He apologized again, and I told him he didn't need to, but the account was mine, always had been and I never had intentions of selling it. I mentioned that if he paid someone using PayFail, he could give them my number and I would help get his money back.

He apologized again and we hung up. Then I realized that the original email I received had the new contact info it, and none of that matched this guy. The phone number was different, although the same area code, and the name was different. Then I got scared and called EA support again and asked if there was any way possible for someone who did have the account name and password to actually get my personal info, like name and phone number. They stated they NEVER give out any info without the secret word.

So, somehow someone found my account name and password, which is not too hard to fathom if my stupid kid used that info on one of the free shards, but the fact that "Mike" knew my name and phone number was scary.

I don't know how he could get that info. I have changed all my passwords everywhere (none were ever the same as that game, and that game account name has nothing to do with anything real like my bank, PP, ebay, or business accounts).

"Mike" may or may not be the hacker himself, he may be a victim as well, but he has my name and phone number.

I don't use Lifelock or any other credit monitoring service, but I am considering it now, what says you?

02-16-2011, 08:06 PM	#1
Eleven Solid As The Sun Join Date: Aug 2009 First Name: Scott Location: SW Ohio Posts: 1,859 Trading: (23)	Possible Identity Theft Issue This concerned me when it happened today, and still does. I'm not quite sure what to do next other than the simple steps I have already taken. Me and my sons used to play Dark Age of Camelot (online MMORPG for anyone who doesn't know. It is similar to World of Warcraft). We stopped playing regularly a couple years ago, and closed the 2 accounts. So, I remained in control of the accounts, they were just inactive. We did activate a free trial last month but didn't play. My son had continued to play several 'free shards', private run game servers that didn't cost money to play. Most required some form of message board membership, so players could communicate with each other, and the game servers admins could verify who was playing. These servers were notorious for being hacked, but it didn't matter much, you just start over somewhere else. I suspect on some of these, my son used our old legit DAoC account login info, just to make it easier for him to remember. So today I get an email from EA-Mythic that our main account contact info and password had changed. That email also noted what the info was changed TO. I called immediately and being the original account owner, I had the 'secret word' that serves as proof to EA of the true account owner. (The second account was never affected, of course it has a different name) I had all the info changed back, the customer service rep said the account had not been activated, so I was sure nothing had been stolen or vandalized (in the game, items are worth money and people buy and sell with real money, and malicious people will gain access to an account and delete things out of spite). Right after the phone call, I checked the online account management page and saw that the account now had a '30 day prepaid time card' activated and the account was now active. Only 2 reasons for this: the CSR gave me the free month (doubtful, he didn't mention it) or the hacker activated the account just before I gained back control of the account. So I logged in to just do a quick check and nothing was out of place, everything was where I left it. I left the character logged in and the game running for a while, just in case anyone in the game would happen to message the character, sometimes hackers and account thieves take note of characters and communicate through them. About 15 minutes later, the phone rang and I immediately recognized the area code, as the same one that my contact info had been changed to, but it was a different number. I answer and some guy says "Is this Scott?", I said yea and he says "My name is Mike, did you have some issue with your DAoC account?" and I replied that I had. He then said "OK, I'm sorry about that, but I had just bought that account, were you selling it?" He also said "Mythic told me the original account owner changed all of my info back". Of course I wasn't selling, and told him so. He apologized again, and I told him he didn't need to, but the account was mine, always had been and I never had intentions of selling it. I mentioned that if he paid someone using PayFail, he could give them my number and I would help get his money back. He apologized again and we hung up. Then I realized that the original email I received had the new contact info it, and none of that matched this guy. The phone number was different, although the same area code, and the name was different. Then I got scared and called EA support again and asked if there was any way possible for someone who did have the account name and password to actually get my personal info, like name and phone number. They stated they NEVER give out any info without the secret word. So, somehow someone found my account name and password, which is not too hard to fathom if my stupid kid used that info on one of the free shards, but the fact that "Mike" knew my name and phone number was scary. I don't know how he could get that info. I have changed all my passwords everywhere (none were ever the same as that game, and that game account name has nothing to do with anything real like my bank, PP, ebay, or business accounts). "Mike" may or may not be the hacker himself, he may be a victim as well, but he has my name and phone number. I don't use Lifelock or any other credit monitoring service, but I am considering it now, what says you? __________________ CA: putting the 'man' in bromance since 2008! --markem.