BioWare - Hacked

Dhruin · June 16, 2011

This is getting tiresome. BioWare joins the list of sites hacked recently with the old community forums (e.g., NWN and NWN2) compromised. This is presumably the reason the old forums were offline, rather than a pre-planned obsolescence. Here's the announcement on the Social Network:

Yesterday (June 14), we learned that a hacker gained unauthorized access to the decade-old BioWare community server system associated with the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers’ data and launched an ongoing evaluation of the seriousness of the breach. We have determined that no credit card data was compromised, nor did we ever have or store sensitive data like social security numbers. However hackers may have obtained information such as user account names and passwords, email addresses, and birth dates of approximately 18,000 accounts--a very small percentage of total users. We have emailed those whose accounts may have been compromised and either disabled their accounts or reset their EA Account passwords. If you did not receive an email from us, or if your password still works for your EA account, your username and password were not compromised. Nevertheless, changing your password regularly is always helpful to protect your account.

We take the security of your information very seriously and regret any inconvenience this may have caused you. If your username, email address and/or password on the Neverwinter Nights forums are similar to those you use on other sites, we recommend changing your password at those sites as well. We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-866-543-5435.

Aaryn Flynn
Studio GM, BioWare Edmonton
VP, Electronic Arts
http://support.ea.com/app/answers/detail/a_id/5367/

The EA support link at the end has additional details. A snip:

ANSWER

Q: How extensive was EA/BioWare’s data breach?
A: The data breach was extremely limited. The only server system known to have been affected by the unauthorized attack was that associated with BioWare Edmonton’s Neverwinter Nights forums. Approximately 18,000 accounts were affected—a very small percentage of total users.

Q: When did EA/BioWare learn about the unauthorized access to the server system associated with the Neverwinter Nights forum?
A: June 14. We quickly assessed the exposure, communicated to our fans and re-issued accounts we believed may have been compromised.

Q: What has EA/BioWare done in response to this breach?
A: We acted immediately to secure the server system associated with Bioware Edmonton’s Neverwinter Nights forums. We also launched an ongoing evaluation of the seriousness of the breach. To further enhance security, we have disabled all legacy BioWare accounts that were affected, and reset the passwords of any EA Accounts that were affected. Emails have been sent to all affected users alerting them to the issue with instructions on how to change their passwords and/or create new accounts (as applicable).

More information.

Alrik Fassbauer · June 16, 2011

If 18.000 accounts is "a very small percentage" … How big is then the full number ??? O_O

I mean of ALL users, the entire number of accounts (no matter whether affected by the hack or unaffected … ) .

Dhruin · June 17, 2011

BioWare passed 4 million commuity members years ago, so 18k is indeed a relatively small number.

aries100 · June 17, 2011

I think that the Bioware forums is home to more than 5½ or possibly 6½ million people, similar to the size of a small nation. (Denmark has about 5½ million citizens, for reference).

Chris Priestly also said this is a post on the nwn forums - http://social.bioware.com/forum/1/topic/199/index/7641310&lf=8

We are still investigating what we can do next for the NwN information, forums, website and CD Keys. When we have more information, we will let you know.

Maylander · June 17, 2011

The amount of hacking lately is getting somewhat annoying..

you · June 17, 2011

My understanding is it is copy cat kids using a known exploit of very popular forum software.

Doesn't make it less annoying...

I could go on and on about ease of making things relatively secure and danger of very common convenient practices but what's the point. I hope RPGWATCH isn't vulnerable

Maylander said:
The amount of hacking lately is getting somewhat annoying..

Captain Buzzkill · June 17, 2011

I would love to get my hands on one of these script kiddies.

DArtagnan · June 17, 2011

I tend to look at it as free education for the companies involved. As long as it's idiot kids with too much time - we're not going to suffer as "innocent" consumers.

you · June 17, 2011

Well the problem is most 'hackers' hack for the challenge (game) of victory. It is the follow on folks (I call script kiddies but it includes quite a few nasty folks) who like to use the info for personal gain.
-
Mind you this is just a generalization which might be less true today than 10 years ago. There is big business in theft....

DArtagnan · June 17, 2011

I suppose there's always a certain danger involved, though I have to say any thief getting his hands on my personal details will be pretty disappointed. In fact, I think he might start to cry if he scopes out my bank account.

I know I do often enough

aries100 · June 18, 2011

Aaran Flynn just updated us on the situation:

http://social.bioware.com/forum/1/topic/6/index/7664680

(a) Was my credit card/CD key exposed?
As previously stated, there was no credit card information on the servers in question whatsoever… so we’re good there. We also have conclusive evidence of which specific legacy account fields were potentially exposed: username, password, email address, date of birth, and country of origin. No CD keys, and again no financial info

.

And then there's this:

(c) What’s happened to the legacy forums, postings etc?
We turned off public-facing access to the legacy forums for reasons of safety and expediency but are currently working on a plan to bring them back in a way that ensures your information remains safe. Look for more information on this in the near future as our plans develop.

Fchopin mentions that he just got an email from Sega - in this thread -
http://social.bioware.com/forum/1/topic/6/index/7664680
about Sega getting hacked as well.

This looked organized now, doesn't it?

JDR13 · June 19, 2011

The trend continues.. now Sega has been hacked as well.

http://news.yahoo.com/s/nm/us_britain_hacking_sega

Lucky Day · June 19, 2011

15 - love Moriender vs Mike

Alrik Fassbauer · June 19, 2011

You are pointing towards a post in the future ???

By the way, this made me worried, too :

Tribalware.net and EVE from Innogames were among the victims of the Lulz campaign against video game makers. The hacking group also attacked servers that help run two other online games -- "League of Legends" and "Minecraft" -- and it hit the The Escapist website, which provides video game news.

Hacking for sports ?????

lssara · July 12, 2013

There is some password hacker software online, we can download one and burn it onto a blank CD/DVD/USB flash drive. So we can enter the locked Windows OS, etc.

BioWare - Hacked

Dhruin

SasqWatch

Alrik Fassbauer

TL;DR

Dhruin

SasqWatch

aries100

SasqWatch

Maylander

SasqWatch

you

Lazy_dog

Captain Buzzkill

Sentinel

DArtagnan

Guest

you

Lazy_dog

DArtagnan

Guest

aries100

SasqWatch

JDR13

SasqWatch

Lucky Day

Daywatch

Alrik Fassbauer

TL;DR

lssara

Traveler