I recently faced a strange issue where both my EA and Ubisoft accounts were compromised in one night. It all started when I received an unexpected email from EA with a code to log in. When I checked my account, my password had been changed without my knowledge. Although I managed to reset the password with a code from EA, I discovered that all related emails were marked as spam, which I never did myself. Shortly after, I faced the same situation with Ubisoft, but this time I couldn't change my password in time and ended up locked out. Thankfully, Ubisoft's support helped me restore access an hour later.
I took a closer look to understand how this could happen, given that I use a password manager with unique passwords for all accounts and have 2FA enabled. My login records on Gmail show no suspicious activity, only my own devices. I ran a thorough virus scan on my Windows PC which reported no issues, and I checked my Chrome extensions, finding only Bitwarden and Ublock Origin Lite installed. I'm at a loss here—despite all of my security measures, my accounts were compromised. How could this have happened? I'm not looking for account recovery help, but rather advice on how to investigate if my PC is truly safe and what might have led to this breach.
3 Answers
Just because your virus scan came back clean doesn’t mean your PC is malware-free. Some types of malware, like info stealers and remote access trojans, can hide effectively. I'd suggest checking your task manager and startup applications for anything suspicious. If you find anything odd, it might be wise to secure your accounts from another device and consider a fresh install of Windows.
It sounds like you might have fallen victim to session token hijacking. It's a sneaky way for attackers to take control of your active session without needing your password, sometimes managing to bypass multi-factor authentication. I recommend looking into that to see if it's a possibility for your situation.
Thanks for the insight, I'll do some digging into session token hijacking!
Ubisoft has been through a few security breaches lately, so double-check that you didn’t use the same password for both EA and Ubisoft. Even if you have different passwords, being cautious is key!
No worries, I have unique passwords for everything—just to be safe!
I see what you mean. The computer was off for a while during the incident—does that change anything regarding your advice?