Slashdot Mirror
BioWare's Neverwinter Nights Forum Server Hacked
garatheus writes "The folks at EA/BioWare sent out an email this morning (GMT +2) outlining that their older Neverwinter Nights forums had been hacked, with a fair amount of user information stolen from the database — the likes of user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates. They do go on to say that 'no credit card data was compromised from the servers, nor did we ever have or store sensitive data like social security numbers.' There's no pointing of fingers as to who might have done the compromising, though."
On old BioWare forums you had "registered owner" status for accounts. At the same time, this served as a backup for cd-keys of sorts: they were retrievable by the user.
...strange thing I have never played Neverwinter Nights, nor have I ever signed up on those forums. I believe everyone with an EA account for any game must have received this e-mail. Nice to at least see a company do a full disclosure quickly after a breach, rather than sitting on the info for a few weeks whole they "assess the damage".
"I hope you know how very lucky you are to know me, because I am so incredibly incredible."
I generated a unique e-mail address for Bioware forums way back when NWN first came out. I started getting spam on that address in the last couple of weeks. So it's likely this didn't happen in the last couple of days.
I got the e-mail from Bioware about the breach only yesterday.
NWN was one of my favorite games, and one of the few I bothered to register on forums for. There was a lot of high-quality user generated content that was available. I was in their system, with CD keys, name, partial address, phone, (fake) DOB, etc.
About two months ago I decided to "clean up" my presence on the internet. Among other efforts, I went thru my mail archives for the last 7 years looking for references to anywhere I had created an account, posted messages, or had an identifiable presence.
Next, I created an anonymous, free Hushmail account. Just for paranoia's sake, I used a random proxy whenever I logged in there. I then logged in to every site that I had record of having an account on, recovering passwords if necessary. This included NWN forums.
Once back in, I changed all the login information to bogus info. Incorrect addresses, phony phone number, wrong dates of birth, random passwords and the disposable Hushmail e-mail address. Most sites needed confirmation on e-mail, so you just can't make something up.
The few sites that allowed it, I then deleted or disabled the account. Those that didn't are forever beyond my reach with false info and not tied to my e-mail address.
Only three remain, including Slashdot and GMail. I'm working on replacing GMail, and Slashdot I'll keep since it never had and valid personal info other than my e-mail (GMail) address.
Checking Hushmail shows I got a copy of the letter from EA, proving my efforts paid off. All the info is bogus. After July, waiting just to make sure I didn't miss anything, I'll let the Hushmail account expire and be purged.
My identifiable presence on the Internet will be only what I want it to be. With a little effort, privacy *can* be maintained regardless of what Messrs. Zuckerberg and Brin say.
Learning HOW to think is more important than learning WHAT to think.
More likely it was some related game or game forum he signed up to. I got the email but my account was set up for DA:O and Dead Space 2, I've never played NWN. Seems like they're emailing everyone who has signed up for anything to do with their games, I don't know if that's just being cautious or if it's indicative that the leak might be wider than NWN players.