BioWare's Neverwinter Nights Forum Server Hacked

garatheus writes "The folks at EA/BioWare sent out an email this morning (GMT +2) outlining that their older Neverwinter Nights forums had been hacked, with a fair amount of user information stolen from the database — the likes of user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates. They do go on to say that 'no credit card data was compromised from the servers, nor did we ever have or store sensitive data like social security numbers.' There's no pointing of fingers as to who might have done the compromising, though."

Re:CD Keys?

[kav2k]

On old BioWare forums you had "registered owner" status for accounts. At the same time, this served as a backup for cd-keys of sorts: they were retrievable by the user.

Vindication!

[chill]

NWN was one of my favorite games, and one of the few I bothered to register on forums for. There was a lot of high-quality user generated content that was available. I was in their system, with CD keys, name, partial address, phone, (fake) DOB, etc.

About two months ago I decided to "clean up" my presence on the internet. Among other efforts, I went thru my mail archives for the last 7 years looking for references to anywhere I had created an account, posted messages, or had an identifiable presence.

Next, I created an anonymous, free Hushmail account. Just for paranoia's sake, I used a random proxy whenever I logged in there. I then logged in to every site that I had record of having an account on, recovering passwords if necessary. This included NWN forums.

Once back in, I changed all the login information to bogus info. Incorrect addresses, phony phone number, wrong dates of birth, random passwords and the disposable Hushmail e-mail address. Most sites needed confirmation on e-mail, so you just can't make something up.

The few sites that allowed it, I then deleted or disabled the account. Those that didn't are forever beyond my reach with false info and not tied to my e-mail address.

Only three remain, including Slashdot and GMail. I'm working on replacing GMail, and Slashdot I'll keep since it never had and valid personal info other than my e-mail (GMail) address.

Checking Hushmail shows I got a copy of the letter from EA, proving my efforts paid off. All the info is bogus. After July, waiting just to make sure I didn't miss anything, I'll let the Hushmail account expire and be purged.

My identifiable presence on the Internet will be only what I want it to be. With a little effort, privacy *can* be maintained regardless of what Messrs. Zuckerberg and Brin say.