Gonna try and shed some light and maybe remove a little bit of FUD going on here.
What?
The scheme works like this: hijackers take control of an account (the specifics are not yet clear, but I would speculate that they dupe Support into handing over passwords), load up the account with credit (using any credit or attached credit cards) and then spend it all on FIFA Ultimate Team packs. They then proceed to "open" them and transfer the players to their own account (via the in-game transfer tools), to resell on the grey market.
By "dupe Support into handing over passwords" you're talking about SEN Support? Because changing an Origin account's password would have zero impact on getting access to your SEN account and being able to misuse a PS4 or Xbox One copy of FIFA with your account (even if you share the same email across both). I do believe it's much more likely that passwords were phished from emails/Twitter/Facebook and those sorts of things. PC would be a different story obviously, as there's no middle-man there. Not saying duping SEN or EA support staff doesn't happen, but I don't think it's anywhere near the primary avenue of attack. Also, on PC fraudsters focus their attention more on generating one-time-use Origin accounts on their own using stolen credit cards and such. Takes too much time to social engineer access to people's accounts when you can generate them on your own digitally.
Where did all this credit come from?
An interesting element in this year's jackings is that there are reports of people getting charged hundreds of dollars and then never spending them. I'm not sure why.
This sounds like one of the many recent antifraud measures in place to stop these actions from happening, and it occurred mid-action so to speak. After purchase, but before spend. Obviously the ones that happen before purchase you probably never hear about, unless your bank tells you that EA/Sony said your card is compromised (which they do).
What can EA do?
The question is "what will EA do?" and judging by the similarity of this event to last year's shenanigans, it appears that the answer seems to be "jack shit".
I know that the FIFA studio team is focusing an enormous amount of effort and time on curbing FIFA fraudulent activity. Can't really speak on specifics, but it's very, very high up there on their daily priorities these days, alongside other business units within EA working on curbing fraud on a 24/7 basis.
You have to realize that until very recently (think CEO regime change), EA was very siloed internally with game studios and EA business units operating very much on their own and with very little communication between them (may sound shocking since EA is that gigantic hegemony but it's true).
Some basic things you could do to improve your security: outside of having unique/strong passwords for SEN or Origin, also enable Origin 2-step authentication.