BioWare's Neverwinter Nights Forum Server Hacked
garatheus writes "The folks at EA/BioWare sent out an email this morning (GMT +2) outlining that their older Neverwinter Nights forums had been hacked, with a fair amount of user information stolen from the database — the likes of user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates. They do go on to say that 'no credit card data was compromised from the servers, nor did we ever have or store sensitive data like social security numbers.' There's no pointing of fingers as to who might have done the compromising, though."
who cares anymore?
People that have or may have bad accounts on that forum?
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
LulzSec is due to release more 'booty' on Monday. Could this be it?
...on a forum database?
...strange thing I have never played Neverwinter Nights, nor have I ever signed up on those forums. I believe everyone with an EA account for any game must have received this e-mail. Nice to at least see a company do a full disclosure quickly after a breach, rather than sitting on the info for a few weeks while they "assess the damage".
"I hope you know how very lucky you are to know me, because I am so incredibly incredible."
Guess they didn't find any sites related to Pong.
I got the email this morning but for the life of me don't know why. I'd never played nor heard of Neverwinter before I got the email.
Email below...
"We recently learned that hackers gained unauthorized access to the decade-old BioWare server system supporting the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers’ data and launched a thorough ongoing evaluation of the breach. We have determined that no credit card data was compromised from the servers, nor did we ever have or store sensitive data like social security numbers. Our investigation shows that information such as user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates from these forum accounts on the system may have been compromised, as well as other information (if any) that you may have associated with your EA Account. In an abundance of caution, we have changed your password to ensure account security. Please visit this (link deleted) to reset your password immediately.
If your link has expired, click here to generate a new email.
We take the security of your information very seriously and regret any inconvenience this may have caused you. If your username, email address and/or password on your EA account are similar to those you use on other sites, we recommend changing the password at those sites as well. We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-877-357-6007.
If you have questions, please visit our FAQ at http://support.ea.com/app/answers/detail/a_id/5367/ or contact Customer Support at the phone number above.
Aaryn Flynn
Studio GM, BioWare Edmonton
VP, Electronic Arts"
I generated a unique e-mail address for Bioware forums way back when NWN first came out. I started getting spam on that address in the last couple of weeks. So it's likely this didn't happen in the last couple of days.
I got the e-mail from Bioware about the breach only yesterday.
Ars Technica ran this article over a week ago.
Nostalgia isn't what it used to be.
Back when I signed up for their forum, like, I dunno, 6 or 8 years ago, I thought about this issue. At the end of the day, I decided that as long as they don't try some nonsense like invalidating my keys because *they* let them get stolen, I didn't care.
It's their forum, and their game keys. The keys don't protect me, they protect Bioware. They don't expose ANYTHING else of mine to any risk.
If they try to invalidate my keys for, e.g. online multiplayer, because of their stupidity in making people put the keys on their chat forum server, I'll go contact a class-action lawsuit lawyer. I bet they'd take the case on contingency.
NWN1 is one of the few games that actually didn't suck. Bioware yanked all DRM except the CD key needed to get to use the multiplayer servers (which is perfectly acceptable), and supported the game for a very long time with not just fixes, but additional content.
It is sad to see this hacked -- one could easily get thousands of hours of entertainment with NWN1 just due to well written player made modules.
I wish the hackers could have nailed some game company that puts out crap instead of a game which has aged quite well and is actually still worth playing.
I believe that forum was shut down, and moved to Bioware's new Social site along with the Dragon Age and Mass Effect forums. If it's no longer possible to login and use that forum, the database probably should have been scrubbed of passwords and CD Keys and the like.
Considering I only received an e-mail from BioWare last night it's not old to me, or probably most other people who received it. I've never played NWN, but I have a forum account to get the ME2 "free DLC". Disconcerting how they are mailing everyone out of "an abundance of caution", seems like they can't be certain how much info the hackers got.
I'm getting way too many of these e-mails lately. I've had multiple companies send me e-mails to inform me their servers have been compromised. One of my accounts on another server was compromised last week as well.
I think that my biggest concern isn't what they might get out of an individual account, but what type of information that they can put together through cross-referencing information derived from multiple compromised servers. Birth dates, secret questions that might open up other accounts elsewhere, etc.
NWN was one of my favorite games, and one of the few I bothered to register on forums for. There was a lot of high-quality user generated content that was available. I was in their system, with CD keys, name, partial address, phone, (fake) DOB, etc.
About two months ago I decided to "clean up" my presence on the internet. Among other efforts, I went thru my mail archives for the last 7 years looking for references to anywhere I had created an account, posted messages, or had an identifiable presence.
Next, I created an anonymous, free Hushmail account. Just for paranoia's sake, I used a random proxy whenever I logged in there. I then logged in to every site that I had record of having an account on, recovering passwords if necessary. This included NWN forums.
Once back in, I changed all the login information to bogus info. Incorrect addresses, phony phone number, wrong dates of birth, random passwords and the disposable Hushmail e-mail address. Most sites needed confirmation on e-mail, so you just can't make something up.
The few sites that allowed it, I then deleted or disabled the account. Those that didn't are forever beyond my reach with false info and not tied to my e-mail address.
Only three remain, including Slashdot and GMail. I'm working on replacing GMail, and Slashdot I'll keep since it never had any valid personal info other than my e-mail (GMail) address.
Checking Hushmail shows I got a copy of the letter from EA, proving my efforts paid off. All the info is bogus. After July, waiting just to make sure I didn't miss anything, I'll let the Hushmail account expire and be purged.
My identifiable presence on the Internet will be only what I want it to be. With a little effort, privacy *can* be maintained regardless of what Messrs. Zuckerberg and Brin say.
Learning HOW to think is more important than learning WHAT to think.
I don't think the game generates any revenue for BioWare anymore, they've stopped doing expansions a long time ago, etc. CD keys are all compromised now as well - they were the last line of protection.
Can't they just make the sources available so all the fans can go on improving the game?
And THIS is why you don't associate cd keys with a goddamn forum login.
I got one of those emails last night, and I presumed it to be some sort of phishing attempt, since I don't actually have any account on EA's or Bioware's forums. I simply deleted the email without clicking the link.
I may have used that email to register the product, but that was the extent of it.
File under 'M' for 'Manic ranting'
If the site gets hacked, what difference does it make if you have a strong password? It appears that nothing is really safe. Tell me again how cloud services are supposed to work??
Sorry, but gray text on gray background is making my eyes bleed.
Why would I give my SSN to a game company whose services I purchase? Why would they ask for my SSN?
If I don't give them my SSN then it won't be vulnerable to being stolen off their servers. That's the ultimate in security.
Well fuck. There goes my NwN CD key. God damnit.
how is babby formed?