BioWare's Neverwinter Nights forums hacked, EA Account information at risk

by JC Fletcher on Jun 23rd 2011 11:15PM

And here we thought we'd get through a whole day without a hacking story. BioWare Edmonton Studio GM Aaryn Flynn sent out an email tonight alerting users of its "decade-old BioWare server system supporting the Neverwinter Nights forums." As with the Sega Pass hack, BioWare asserts that there is no danger of loss of credit card data, but other information -- like "user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates" from EA Accounts may have been taken. These are the same EA Accounts used for online EA games, so it has significance beyond just forums for some old game.

The email includes a password change link, and -- also like the Sega Pass hack -- BioWare took the precaution of changing everyone's passwords immediately. Of course, if you used the same password for any other site that you used for your EA Account, you should change that too. Should you have more questions, EA has posted a brief FAQ about the hack.

Show full PR text

We recently learned that hackers gained unauthorized access to the decade-old BioWare server system supporting the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers' data and launched a thorough ongoing evaluation of the breach. We have determined that no credit card data was compromised from the servers, nor did we ever have or store sensitive data like social security numbers. Our investigation shows that information such as user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates from these forum accounts on the system may have been compromised, as well as other information (if any) that you may have associated with your EA Account. In an abundance of caution, we have changed your password to ensure account security. Please visit this (link removed) to reset your password immediately.

If your link has expired, click here to generate a new email.

We take the security of your information very seriously and regret any inconvenience this may have caused you. If your username, email address and/or password on your EA account are similar to those you use on other sites, we recommend changing the password at those sites as well. We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-877-357-6007.

If you have questions, please visit our FAQ at http://support.ea.com/app/answers/detail/a_id/5367/ or contact Customer Support at the phone number above.

Aaryn Flynn
Studio GM, BioWare Edmonton
VP, Electronic Arts

Via: ShackNews
Source: EA

Tags: bioware, ea-account, electronic-arts, hack, hacking, neverwinter-nights, pc

Reader Comments (70)

ugh.

Now they are hacking services i regularly use.

It's starting to hit a bit too close to home

@BrianH

Seriously getting out of hand

@BrianH

lol, i can't log into EA services, waiting forever to get the reset e-mail from them.

@Jenks

I swear at this rate they really are going to start hacking oil tankers sheeesh

@BrianH
How are we safe if encrypted services are able to be hacked? As a webdeveloper, I'd really like to know what i'd be able to do in regards to safe guarding sites.

@BrianH
How are we safe if encrypted services are able to be hacked (so easily it seems)? As a webdeveloper, I'd really like to know what i'd be able to do in regards to safe guarding sites.

I have an old bioware account for nwn (last PC game I played because it had a native Linux client), but back then I didn't have to link it to an e-mail address. I just tried to log in to nwn.bioware.com but it appears you can only do so with an e-mail adress via the EA login. Does that mean my account has been killed anyway?

@BrianH

So this is why when I tried to play BC2 I couldn't sign in and had to change my password.

Thank god I use one of my garbage set of credentials for EA stuff.

@Morisato As a regular developer, I think you're mistaken to think this was either an 'encrypted service' or secure. That part's obvious by the data theft. I've worked with enough companies who take the "slap SSL on it and call it secure" mentality (which is extremely incorrect, but that's a much longer explanation). These breaches have been happening as a result of the server/software not being patched, or in some cases, much, much bigger security blunders (Bethesda e-mailing your password in the clear, simple SQL injections, etc).

My advice to protect yourself against these is simply not to provide them your real information. My EA info of:
123 You Don't Need This Rd.
Here, IN 12345
was totally just stolen (I'm not from Indiana, either). Make sure you use a different password for your accounts (either by group, or different for everything). If you have difficulty remembering passwords, you can use software to securely keep a list of your accounts. Then you only need to remember one to access that list.

@The Moof
Awesome, thanks for clearing that up for me. Just wondering why the data seemed to be stolen so easily. The details that you pointed out will also help me to prevent that (I'm still learning), and also makes me wonder... why the developers of these sites overlooked these security issues, when even I am still learning, and was taught (to prevent those security issues from happening) early on. Numerous ways to prevent them i might add.

As for the whole password issue... i keep my passwords, and other login details, in an encrypted Spreadsheat file on a encrypted Iron Monkey flash drive :P So that's taken care of.

Stop it.

@Ezio Auditore da Firenze
Knock it off.

@Ezio Auditore da Firenze Assassinate them!

@nerdydesi1
But the Assassin's Creed is that "everything is permitted"

@Ezio Auditore da Firenze
Get down....NOW!

Well this has just been a fine couple of months, eh?

@xJimmeh

This won't happen once the extranet rolls around. Believe me.

@Shadowbender

I'm sure the Ultranet would be able to hold its own against punks like these

@xJimmeh

I feel extra bad for all the people that sold their PS3's because of Sony getting hacked. At this rate, soon they will have to quit playing games by over half the publishers out there. Unless they are hypocrite's that only condemn Sony for the hacks...

Wait, what am I thinking. Gamers would never act like that.

GAAAHHH!! I got this email because I actually have this game.

Isn't there some sort of unified password that we can all just live under one banner where we either all get hacked or we can change all our passwords at once. That's what I want.

At this point I feel like I should just change all my passwords on every website I have ever visited, yet if I do that preemptively then I will only have to change them again after said sites are hacked. So I don't know if I should be furious and fearful, or rather if I should just thank for hackers for making sure I regularly change my passwords, which we all know no one does...hmm.

*sigh*

Really?

REALLY? I'm getting sick of this.

@Ignatius

Your Guy Fawkes avatar seethes with irony.

Half of these attacks leave me unsure if I even have an account at the hacked website. For instance this talks about Neverwinter Nights, which I don't play, but then also mentions your EA Account, which god knows each and every human on earth has one of those. If I don't get an email should I assume I am safe?

@Poor Tom I've never played it either, but I think what happened is: They broke into an old unsecure server leftover from NN's heyday. Not wanting to take the risk of catching hell from some fool who hasn't seen let alone changed their NN forum password in over 10 years (which along the way were also incorporated into EA's accounts by still playing users), they just decided to warn everyone. You're likely fine.

@Poor Tom

I didn't get an Email and my EA account was one that was jacked, well, unless my password just happen to magically change by itself yesterday.

I'm crying blood right now...

Wait so if I have a Warhammer online account did it's info get stolen? If I had a regular EA account like for Badcompany 2 did it get stolen? As I got no email from EA or Bioware.

I've become numb to this sort of news...

FUUUUUUUUUUUUUUUUCK!!!!!!
Will this stop, it's boring now and it's not cool.
Will you assholes move on to some other nerd fad? Remember D&D? You wanna play some D&D? Yes you do, awww yes you do. Now run down the basement and all be down with some of momma's home made cookies and some mountain dew.
And don't worry, I've already called Joshua's parents and told them he is staying over so you just go on and have a "wild" time son.

@Faris Hilton

Wow. Everything you said there was extremely offensive to me, and I'm not a hacker. I'm a gamer. Who fits most stereotypes.

Sheesh.

@Copybass Ah jeez zombies

Does he realize that hes trying to make DND look bad while being upset that Neverwinter servers were hacked?

Can people be this stupid, or is this an act?

@Cavall
Chill out girls, It's not Neverwinter Nights that I'm bothered about, it's the entire hacking malarky, it's getting boring.
I was poking fun, a joke if you will, let's not get our panties in a twist over something someone on the internet who goes by the name "Faris Hilton" said.

Really, if these companies can't properly protect all their stuff, it's pretty much inviting problems. Not saying I condone everything that's being done, but seriously...

If you worked in a Central Registry Office, and you didn't lock the door to the censuses at the end of a night, you'd likely be thrown in jail for criminal negligence.

Then again, as an IT guy, I do know how hard it is to protect everything, and how sometimes it's Upper Management that keeps you from protecting everything, but this REALLY isn't right.

GAAAH DAMN YOU ALL!!

You know what sucks? None of these articles or the EA help actually say WHICH forum it is. Well, they do, but "Edmonton Neverwinter Nights Forum" is very unhelpful. I'm a part of the bioware main forum, which includes a neverwinter nights section. How the heck am I supposed to know if my details were compromised if they won't give a URL to the compromised site!

@MaJoR

Check your e-mail.

I received a reset notification e-mail, and i don't own neverwinter nights, i have dragon age and mass effect games.

And i also can't log into Bad company 2, because my password is reset, and im trying to fix it.

F that noise; we have Q!

Do these people realize that in the process of teaching companies they don't agree with lessons they annoying and affecting thousands of innocent people too?

and here the email was so poorly structured i thought it was the scam! if ive learned one thing from blizz, its not to click on links in emails related to passwords...

@xakari

well, it just sends you to a page to insert your e-mail address, which if it was a scam, they would have had your e-mail anyways.

Ferris or Feris? You should goooooglleeee!

QUIT IT HACKERS!

Really, there's nothing more that can be said. I've learned to expect an e-mail telling me to reset my password and just hope that there's not to much of my personal info floating around out there for the taking.

I'm going to register a domain that's my most frequently used password and mailing address and just call it a day.

Man, if only I could get a group of hackers to hack other hackers..

I'd call them Zaroffs.

Hope everyone remembers this shit when they start downloading games digitally rather then buying them retail. Unless you don't mind not being able to play a game you paid for. This is yet another reason why needing a internet connection before you load a game is ridiculous.

Nobody can stop the hackers. The only thing you can do is not draw their attention. Give them any reason they deem " just" and they will come for you.

Single player campaigns should not require an Internet connection. You should not have to reveil personal information to play a game you paid for. Everyone is excited for Cloud and digital distribution until the company you bought the game from gets hacked. Guess who isn't playing their games anymore? And that is the least of the worries.

I received one of these emails. I can't think of any game I played that i would need a BioWare/EA password for though.....wait, fuc#!ng Spore....damn you, Spore...damn you to Hell!

At this rate the entire video game industry will be hacked by the end of the year.

Makes me apprehensive to tie my psn account to that new battlefield/COD online stat tracking service

| 1 | 2 | Most Recent | Next 50 Comments

Neverwinter Nights

BioWare's Neverwinter Nights forums hacked, EA Account information at risk

Reader Comments (70)

Posted: Jun 23rd 2011 11:16PM BrianH said

Posted: Jun 23rd 2011 11:26PM Jenks said

Posted: Jun 23rd 2011 11:52PM BrianH said

Posted: Jun 23rd 2011 11:52PM Stevetrop Man of Mystery said

Posted: Jun 24th 2011 3:01AM Morisato said

Posted: Jun 24th 2011 3:01AM Morisato said

Posted: Jun 24th 2011 5:39AM sparkster said

Posted: Jun 24th 2011 9:53AM Sh1fty said

Posted: Jun 24th 2011 10:55AM The Moof said

Posted: Jun 24th 2011 2:12PM Morisato said

Posted: Jun 23rd 2011 11:21PM Ezio Auditore da Firenze said

Posted: Jun 23rd 2011 11:40PM XLM said

Posted: Jun 23rd 2011 11:55PM nerdydesi1 said

Posted: Jun 24th 2011 1:09AM GuardianLegend2 said

Posted: Jun 24th 2011 12:32PM arucious said

Posted: Jun 23rd 2011 11:21PM xJimmeh said

Posted: Jun 23rd 2011 11:31PM Shadowbender said

Posted: Jun 24th 2011 1:39AM Stevetrop Man of Mystery said

Posted: Jun 24th 2011 6:59PM LiveStock said

Posted: Jun 23rd 2011 11:23PM Misfit Toy said

Posted: Jun 23rd 2011 11:24PM Poor Tom said

Posted: Jun 23rd 2011 11:26PM Ignatius said

Posted: Jun 23rd 2011 11:34PM Copybass Ah jeez zombies said

Posted: Jun 23rd 2011 11:28PM Poor Tom said

Posted: Jun 24th 2011 12:43AM VioletArrows said

Posted: Jun 24th 2011 9:55AM Sh1fty said

Posted: Jun 23rd 2011 11:30PM Shadowbender said

Posted: Jun 23rd 2011 11:30PM The Aquacharger said

Posted: Jun 23rd 2011 11:31PM CleanUndies said

Posted: Jun 23rd 2011 11:32PM Faris Hilton said

Posted: Jun 23rd 2011 11:35PM Copybass Ah jeez zombies said

Posted: Jun 23rd 2011 11:51PM Cavall said

Posted: Jun 24th 2011 12:04AM Faris Hilton said

Posted: Jun 23rd 2011 11:34PM Copybass Ah jeez zombies said

Posted: Jun 23rd 2011 11:37PM ZachFACEyay said

Posted: Jun 23rd 2011 11:42PM MaJoR said

Posted: Jun 24th 2011 12:01AM BrianH said

Posted: Jun 24th 2011 12:38AM The Wicker Man said

Posted: Jun 23rd 2011 11:57PM fdisk said

Posted: Jun 24th 2011 12:01AM xakari said

Posted: Jun 24th 2011 12:16AM BrianH said

Posted: Jun 24th 2011 12:41AM The Wicker Man said

Posted: Jun 24th 2011 12:14AM The Cole Train said

Posted: Jun 24th 2011 12:17AM BigEgo007 said

Posted: Jun 24th 2011 12:25AM RickGhastly said

Posted: Jun 24th 2011 12:30AM Dhexodus said

Posted: Jun 24th 2011 12:35AM HaVoK308 said

Posted: Jun 24th 2011 1:09AM GameCherry said

Posted: Jun 24th 2011 1:14AM Marconi said

Posted: Jun 24th 2011 1:21AM Johnnynumber5 is powered by cell said

Neverwinter Nights Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

WB conjures up Harry Potter for Kinect this fall

Featured Stories

Weekly Webcomic Wrapup is a stranger in a strange land

Silver Lining: I Am Alive's unfeeling world

Game Of Thrones and the paradoxes of adaptation

Engadget

TUAW

Massively

WoW