Make It Stop: BioWare NWN Forums Hacked

By Alec Meer on June 24th, 2011 at 10:18 am.

that's exactly what a hacker looks like

This is a depressing year to be on the internet. And a doubly-depressing one to be a newswriter on the internet. The latest (but, let’s not bloody kid ourselves, not last) game company to suffer the peculiar ire/amusement of hackers is Bioware. Fortunately, only a very specific bit of Bioware, so don’t panic too much: their 10-year-old Neverwinter Nights forum. It actually happened a little earlier this month, but now Bioware are alerting everyone affected and opening up about exactly what details were compromised. You may have thought, following the initial talk of this hack, that it was no big deal for you, but if you used to play NwN you might well have left passwords, email addresses, phone numbers or CD keys in the information these imps have made off with. Credit card details are apparently safe, however. Full Bioware statement below.

“We recently learned that hackers gained unauthorized access to the decade-old BioWare server system supporting the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers’ data and launched a thorough ongoing evaluation of the breach. We have determined that no credit card data was compromised from the servers, nor did we ever have or store sensitive data like social security numbers. Our investigation shows that information such as user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates from accounts on the system may have been compromised, as well as other information (if any) that you may have associated with this forum account. In an abundance of caution, we have disabled your legacy Account. To create a new account please visit social.bioware.com.

We take the security of your information very seriously and regret any inconvenience this may have caused you. If your username, email address and/or password on your Neverwinter Nights account are similar to those you use on other sites, we recommend changing the password at those sites as well. We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support.”

There are a few more details and suggestions in this official FAQ about the hack.

Right, I’m off to fucking go fucking change all my fucking passwords afuckinggain. Fuck!


82 Comments »

  1. Makariel says:

    Are there really more hacking attempts than ever before this year, or has just media coverage increased 1000-fold since the PSN disaster?

    • Don Andy says:

      I think ever since the PSN disaster people just found that you could get news coverage easily by hacking somebody so now they’re picking on whatever can be picked easily but is still big enough to provide some coverage.
      It’s a fad, it’ll go away again pretty soon, I’m sure.

    • ArcaneSaint says:

      The PSN hiccup may have encouraged certain groups of hackers to aim for bigger targets. While at the same time media coverage has increased enormously, also because of the PSN thing.

    • gasteropod says:

      It’s not a fad, Don. You can sell legit e-mails with user details for quite a bit of money to whoever those fuckers are that spam your emails.

    • shoptroll says:

      I don’t think the PSN hack made hackers go after bigger targets. I think it shed light on the fact that security is probably a lower priority at gaming companies which made them easy targets.

  2. McDan says:

    I was about to email this in to you guys this morning when I got it, but I thought that was the bioware having thing that already happened. Rather annoying to keep changing these passwords now.

  3. Mooglepies says:

    This was always going to be the danger with the internet; personal details everywhere and unscrupulous miscreants with more tech expertise than the big companies holding those details.

    Hopefully all of this leads to better security, but I know I’m not looking forward to 2-factor authentication everywhere.

  4. Kaira- says:

    I remember reading about this like two-three weeks ago. Did I just imagine that?
    Edit:// Well, apparently one week ago, at least.

    • MiniMatt says:

      Um – wowzer. Such a cool word “wowzer”, I should use it more often.

      Anyway, wowzer – I can only guess they first thought it only hit 18k users and so (presumably) only mailed them, then realised they’d leaked the whole shebang and mailed the rest of us poor mugs who as a result of their delay have had compromised passwords floating around out there for a week?

    • Hoaxfish says:

      Yea, I gotta say, I read about this… and thought I was safe because I hadn’t received the notification email… until today.

      These companies really need to accelerate this sort of warning. Seriously, how hard is it to basically email your database full of emails?

      I get the feeling this is another “internet ocean”, where non-local users get second billing.

      Actually, given that the forum was archived and non-updateable… and their solution was to disable the affected accounts… why weren’t they already disabled, and inaccessible as soon as they moved to their new “social” thing?

  5. KikiJiki says:

    Went to reset my password, prompted me to create some new identity with EA.

    Totally cynical mode on: could be a nice story to get those who haven’t to register for this identity.

    • Kadayi says:

      All EA accounts operate under Origin now. There is nothing ‘cynical’ about it. It’s just an extension of what was already there.

    • shoptroll says:

      EA accounts aren’t Origin accounts yet. I think? About a year or two ago EA started consolidating everyone’s accounts into an umbrella account so you only had one user id/password to use for things like BioWare Social, Spore, etc. Their website is saying everything is becoming an Origin account in a few months.

    • Veracity says:

      They are. Most or all recent-ish EA games use your grand unified EA account, as does Origin. It was used by EADM, too, which is unsurprising, since that’s still all Origin seems to be, so far.

  6. Risingson says:

    And I’ve just finished Cory Doctorow’s “Little Brother”, which has so much to do about these issues…

  7. Mist says:

    ~2 weeks ago my hotmail account was used to send spam to my entire contact list, I didn’t have any viruses etc, and changing my password fixed the problem.

    Today I got the email from bioware seen in the article, and it is indeed quite possible that I used my hotmail password for the nwn forums (where I was active) and haven’t changed my hotmail password since..

    So I guess the two are related? The actual data theft happened some time ago, but they only sent an email about it now?

    • Nathan says:

      Are you sure that there wasn’t a spoofed reply-to? There are other ways to get a list of your contacts without compromising your machine, then an attacker’s email server could spoof it coming from your address.

      You should usually be able to diagnose this from the X-headers.

    • Mist says:

      Well, the emails were sent from my account (they were in my “sent emails” folder, I take it they don’t appear there if someone spoofs a reply-to?), but at a time when both the PCs that I use to access the account weren’t on (in the middle of the night). The headers don’t show anything really weird, except that they were sent from some IP address in Indonesia..

      But yeah. Unique passwords for all important accounts.

    • Highstorm says:

      @Mist

      Had the same exact thing happen to me around the same time. In fact I had 2 hotmail accounts associated with old NWN logins, and both sent out spam (in addition to receiving some from friend addresses I recognize from that time).

      It seems highly likely that this hack is the cause.

    • ADinVA says:

      Happened to me too, at about the same time. Someone/something with a Russian IP address logged into my gmail account that was attached to the Neverwinter account and tried to spam my contacts. Gmail blocked the outbound mail as suspicious and then locked down the account after the third or fourth message attempt.

  8. kenoxite says:

    Right, I’m off to fucking go fucking change all my fucking passwords afuckinggain. Fuck!

    Or just wait until they hack it again to do that.
    There’s a point where you start to wonder what’s the point.

    • Iain_1986 says:

      If you changed your passwords previously…..surely the password leaked from NWN is now old and useless?

    • patricij says:

      I’m beyond care, really…I’ve changed my FB and Steam password and that’s it as GMAIL uses two factor and a new password anyway. And that’s it, I doubt they’ll want to reserve 2 million books @ the public library or sign me for extra exams in uni system (however devilishly childish this might be, haha)

    • Aankhen says:

      If you changed your passwords previously…..surely the password leaked from NWN is now old and useless?

      Yeah, and, uh, shouldn’t every password be different anyway and therefore not be in danger of being compromised just because this one was? I don’t understand why any passwords need to be changed save for the NWN forums account. :-S

  9. MaXimillion says:

    Really disappointed with Bioware, I thought I was safe when I heard about the hack the first time since I hadn’t been contacted and the news said it was an old database with most users unaffected by it, and NOW they mail me that my data may have been compromised? Really sloppy.

  10. Bioptic says:

    Yeah, I’m really confused by this – I’ve played about 30 mins of NWN from the GoG version, and never used any kind of forums related to it. Following the link in the email sent just takes me to the generic EA.com password reminder page, and resetting the password directs me to the generic EA account. Not even the EA downloader account – just an empty account page with no games registered and no further information.

    I’m starting to think that whilst the NWN forums were affected, EA’s simply mailing everybody they have an email address for.

    • mike2R says:

      Yeah, if I’ve ever played NWN it was for no longer than you, and I’m sure I’ve never signed up to a specific forum about it, but I got this email too.

    • Resonance says:

      It looks like all EA accounts were compromised – or at least all Bioware’s games [that you need an EA account to activate].
      Bodes well for Origin… -_-
      If this is true EA’s PR is great, because they’re basically lying to us about the severity of what occurred and are trying to claim an attack on the whole of their system was a simple raiding of an old NWN server…

    • Joshua says:

      The forum accounts are the accounts you use to play online with NWN. They are separate from the EA things.

  11. Rinox says:

    Ughh. That is all.

  12. Teddy Leach says:

    Oh for fuck’s sake.

  13. Thirdstar says:

    I would love to know what “We have disabled your legacy account” really means. My Bioware Social account seems untouched. And as Kaira pointed out, isn’t this ya know old news?

    • Mana_Garmr says:

      My EA connected account, which I had to make when I installed ME2, still exists.

      My old account on nwn.bioware.com which had my NWN CD keys registered to it, and possibly some other games, seems to be gone. Luckily I still have my manuals with the keys, would be very annoying to anyone who relied on the account as a way to retrieve their keys for installation.

    • thegooseking says:

      Legacy account is for everything ME1 and before (i.e. 2007 and back). BioWare Social is for everything DA:O and later (i.e. 2009 on).

    • Thirdstar says:

      Oh, I see. Guess I’ll have to go dig up my old NWN discs. Gnaaaar, not looking forward to that. My Bioware Social account seems to be linked to my Mass Effect 1 key as well, though this may be because I re-bought ME from steam at a much later date.

      I know it’s the paranoid in me but, I think I’ll just go change a bunch of passwords again. Just to be safe.

  14. Drake Sigar says:

    Password changing has almost become a weekly routine for me now, it is really draining to get up in the morning and waste most of the time you should be using to prepare for work or an appointment on going over all your old accounts.

  15. Diziet Sma says:

    Annoyingly for me I had two both of which are current ea.com accounts. More annoyingly than that I’ve already had to change those account passwords twice due to hacks elsewhere.

    On the plus side, slowly but surely all of my passwords are now becoming unique.

  16. sonofsanta says:

    It was all these shenanigans that have finally got my arse into gear to get unique passwords everywhere with LastPass.com. I know all the arguments about entrusting data to a 3rd party etc. but as far as I’m concerned right now, passwords being compromised is the biggest problem, and this is the fix for it.

    These tosspots are not exactly winning hearts and minds with all this, are they?

    • johnpeat says:

      IF Lastpass were attacked (quite likely) and compromised, all the attackers would get is a stack of encrypted passwords they have almost no way of decrypting (it would take a LONG time).

      The only security you must not screw-up is your master password – it must be non-guessable and non-brute-forceable and you must not save it anywhere – then you are as safe as it’s possible to be…

      It’s a bandage for a stupid injury tho – we need a better system across-the-board. Hell some places now require separate registration for website, support site, customer accounts – WTF!

    • zipdrive says:

      Lastpass don’t hold your password, only hashes of them. If you don’t know what those are, I recommend you listen to Security Now podcast.
      Actually, I’d suggest listening to it to just about everyone these days.

    • TuesdayExpress says:

      Ars Technica’s coverage of the HB Gary mess earlier this year finally motivated me to dive into Lastpass. It was a definite chore to get it set up (that was the easy part) and then to generate new passwords at all the sites I visit (that takes a good chunk of time).

      Now that it’s up and running, though, life has become much easier. Someone gets hacked, I just go there and change my now-unique password. Saves a lot of time and potential problems down the road.

    • kenoxite says:

      Thanks for the heads up, sonofsanta.

      Now I’m properly LastPassified, and probably royally screwed if I ever manage to forget my master password. Hopefully my own hints aren’t that cryptic that I won’t be able to understand them in a few years from now.

      Anyway, thanks Lulzsec or whoever you are. In the most sarcastic way your hackery minds can imagine. That also goes for you EA (and practically all the videogame industry).

  17. johnpeat says:

    Firstly, can I remind people of the glorious nature of LastPass – a system which works amazingly well and means your passwords are scrambled nonsense which, if compromised in one place, will mean nothing elsewhere…

    Second, I’m really hoping this wave of fuckwittery will prompt a radical change in the stupid system of every website asking for unique registration. Systems like OpenID have stalled with crappy support from people like Yahoo etc. – it’s time this was reversed and authentication was done in a less stressful and faffy way.

    Last week – for the first time in years – I joined a forum by simply linking my Facebook details – it was almost painless and worked well – why can’t more things work like that. Most places – even with Facebook/Google etc. logins – are a pain in the arse to setup (and often don’t work at all!!)

    Wakeup time for the Internet – you’ve fucked people about too long already, do it properly now.

    • Matt says:

      Uh what? Yahoo was the first of the big guns to implement OpenID, and they’ve had OpenID 2.0 support since the beginning of 2008.

    • johnpeat says:

      The last few times I’ve tried to use OpenID with Yahoo I’ve been taken to pages which either 404 or which produce errors when submitted…

      In fact, in the 2-3 years since they started doing this, I’ve managed to make it work ONCE and even that site has since stopped working again…

      The whole idea is flawed – either they make it a LOT less hassle or they give up entirely IMO – the current implementations are broken.

    • jalf says:

      Don’t use Yahoo then. Gmail is an OpenID provider. So is Steam. And a bunch of other sites. I use MyOpenID.com, and it’s worked flawlessly for me so far (excepting a few sites that let you log in with OpenID, but fail to implement all parts of the protocol correctly. In particular, PHP implementations seem to have trouble with delegation, so I have to use my full myopenid url to log in with them. But it works)

  18. juandemarco says:

    Considerations:
    1. There should be more investment on security by the various entertainment companies: had they employed state of the art security measures those idiot Lulzsec/Anon script kiddies would have not made it past the first firewall. I mean, how is it that the passwords are stored unencrypted? How is it that the passwords are stored AT ALL? Passwords shouldn’t be – generally – sent over a network, even if enciphered.

    2. There should be more awareness. For example, these useless crackers should be aware of the shitpile they’re getting themselves into. Their hubris will mark their fall.

    3. As a website that sells rocks, paper and shotguns, I can’t find the proper page to acquire said weaponry to defend myself in case this thing gets out of hand. Can you point me to the right direction? Would you trade a shotgun for this fine leather jacket?

    • johnpeat says:

      Passwords have to be sent over networks or they’re pretty-much useless :)

      The fallout from this won’t affect those causing it – they’re unlikely to be caught and even if some of them are, others will leap into their place.

      That this is a wake-up to companies harvesting personal data and storing it in a leaky box is a good thing – generally speaking – however as this moves from targeted attacks on places which should be secure to wanton vandalism – or worse – who knows where it will lead.

      There’s a finite amount of protection you can give systems before they become unusable to even their registered users and there are ALWAYS security holes and other ways-in. When there are literally 10s of thousands of people working to find them and when they can spread news of them instantly – it’s like trying to stop the tide with a teacup.

    • juandemarco says:

      Actually, no, you can send a cryptographic hash of the password over the network, you don’t need to send the password itself.
      http://en.wikipedia.org/wiki/Cryptographic_hash_function#Applications
      There are of course scenarios where you need to send the password, I’m not saying that it doesn’t happen (or that it could be always avoided), but as far as forum, websites etc go, there is no need to.

      I agree that this might, in the end, be a good thing, but there is a fine line between ‘doing this to prove a point’ and ‘doing this to screw you because we can’. Of course those ‘leaky boxes’ should be made more secure, but I don’t think these Lulz guys are outcast geniuses. I think they’re merely script kiddies who know a couple of things about writing C++ code and have found some documentation on how to perform such attacks. There is a lot of that if you search the right places.

    • DougallDogg says:

      As a general rule of thumb it’s a security best practice to encrypt passwords mainly so the staff of the website do not have access to your details let alone any would-be hackers.

      Hash functions have been available as a SQL command for donkey’s years (way before I learnt in 1996) and is an exceedingly simple function to implement. Problem is despite the constant changes in encryption types (MD5, SHA-1,2) they themselves are not secure, even hashes with salt (something extra added to your password to make it harder to decrypt). Even a simple novice with little coding or scripting knowledge can figure out a hash but as someone said earlier it takes a long, long time. Most hashes degrade and lose data when they’re encrypted so the only way to obtain the original is to recreate it. If you got a lot of time on your hands and a free computer with a beefy processor even a simple php, python, hell even a command line script or apple script would eventually work.

      Funnily these ‘hacking’ attempts always happen when colleges and unis are having holidays and is always the actions of young males (as it is always males). Most of the ‘hacks’ so far have come from forums and message boards which 9 times out of 10 use open source, proprietary solutions like phpBB or vBulletin which are open source and have loads of security vulnerabilities (though to be honest it takes years to code an optimised and lightweight messageboard).

      The only way to be 100% sure that a site is safe is to develop it from the ground up and have done vigorous penetration tests as well as making sure your webserver is patched up to date.

      Just goes to show the standard of education these days or the fact that everyone and their mum thinks they’re a web developer.

  19. oceanclub says:

    Oh good god – are we talking about _yet_ another bunch of idiots who store information, including passwords, in plaintext? At what point do people running forums/servers start thinking “hmm, there’s lots of hackers around – maybe we should, you know, ENCRYPT this stuff”?
    Argh.
    Also, the mail sent sounds confusing:
    “We recently learned that hackers gained unauthorized access to the decade-old BioWare server system supporting the Neverwinter Nights forums. […] Our investigation shows that information […] may have been compromised, as well as other information (if any) that you may have associated with your EA Account.”
    So, if it was only the old NWN forums that were hacked, how come they say it’s my more recent EA account which is compromised??
    P.

    • zipdrive says:

      I’m pretty sure the email said “encrypted passwords”

    • Unaco says:

      @oceanclub…

      Try reading the e-mail again (I notice you actually quote the right part, but replace the relevant words with ellipses).

      “information such as user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates”

      It’s a fuck up, yes. But they aren’t “another bunch of idiots who store information, including passwords, in plaintext”.

    • jalf says:

      And encrypted passwords can be broken. Potentially. Which key were they encrypted with? Where is it stored? Are we sure the hackers haven’t gained access to that as well?
      Were they actually encrypted or hashed? Salted? Which encryption/hashing algorithm was used? Has that algorithm been broken already? Might the hackers be able to figure out some passwords with a rainbow table?
      Based on their email, I don’t see anything to guarantee that the hackers haven’t been able to figure out my password.

      Anyway, I liked the “abundance of caution” part of the email. Wouldn’t an abundance of caution have prevented the hack in the first place? And isn’t “resetting passwords after you were hacked” the absolute MINIMUM of caution you can possibly exhibit? Anything less is *zero caution*.
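
Added example, not part of the original comment thread and not BioWare's code: the page does not say how the forum passwords were stored, so the unsalted MD5 scheme, the salted PBKDF2 scheme, the users and the wordlist below are all constructed assumptions. It shows why the questions in the comment above (hashed, salted, rainbow table) decide how exposed a leaked "encrypted password" is, written as a defender's audit of stored hashes.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample data: invented users and passwords, no real leak material.
WORDLIST = ["123456", "password", "neverwinter", "letmein", "dragon"]
USERS = {"alice": "neverwinter", "bob": "neverwinter", "carol": "T7#qv!Lz0pW-rare"}


def md5_hex(password: str) -> str:
    """Fast unsalted hash: the weak scheme (MD5 is named in the thread)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_table(candidates: Iterable[str]) -> Dict[str, str]:
    """Precompute hash -> password once. A rainbow table is a space-saving
    variant of this idea; a plain dict is enough to show the effect."""
    return {md5_hex(p): p for p in candidates}


def audit_unsalted(dump: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """Users whose stored hash is recoverable by a single table lookup."""
    return {user: table[h] for user, h in dump.items() if h in table}


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = 100_000) -> dict:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def audit_salted(records: Dict[str, dict],
                 candidates: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """With salts nothing can be precomputed or shared between users: every
    guess costs one slow KDF call per user. Returns (weak users, KDF calls)."""
    words = list(candidates)
    found: Dict[str, str] = {}
    calls = 0
    for user, record in records.items():
        for guess in words:
            calls += 1
            if verify(guess, record):
                found[user] = guess
                break
    return found, calls


def demo() -> dict:
    unsalted = {u: md5_hex(p) for u, p in USERS.items()}
    salted = {u: make_record(p) for u, p in USERS.items()}
    weak_salted, kdf_calls = audit_salted(salted, WORDLIST)
    return {
        # One table, built once, recovers every common password in the dump.
        "recovered_unsalted": audit_unsalted(unsalted, build_table(WORDLIST)),
        # Identical unsalted hashes reveal that two users share a password.
        "same_hash_reveals_reuse": unsalted["alice"] == unsalted["bob"],
        # Salts hide that reuse and make precomputed tables useless.
        "salted_hashes_differ": salted["alice"]["hash"] != salted["bob"]["hash"],
        # Weak passwords still fall to guessing, but at per-user KDF cost.
        "weak_salted": weak_salted,
        "kdf_calls": kdf_calls,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting and a slow KDF raise the cost of each guess and stop one table from serving every account, but a password found in a wordlist is still found, so a reset after a leak is warranted under either scheme.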

    • Screamer says:

      I never registered on the NWN forums, and can’t remember if I’ve ever even played it, but I got the email as well :/

  20. AbyssUK says:

    Wait if you’ve already changed all your passwords when other hacks occurred…. why would you need to change them all again now? are you reusing the same password each time??… well if you get hacked then sorry it’s your own stupid fault. Don’t re-use passwords

  21. geokes says:

    I really don’t like Bioware anymore, they’ve given in to EA and are just making consolized trash.

  22. Jumwa says:

    I’ve been suddenly getting an influx of spam email to one of my accounts, and I can only imagine it must be because of some of these hacker situations going on. I’ve been managing my email accounts for years carefully with no spam, seems strange all of a sudden after five years of no unwanted spam that I’m getting pelted.

  23. Unaco says:

    Well Electronic Arts, this news just fills me with confidence in the security of your upcoming Origin system (which I noticed you still managed to try and sell to me while I was going through the password reset – Good job associating this complete fuck-up with your recently announced soon to be complete fuck-up). I’ll be more than happy to provide you my credit card details, and keep them on file with you for speedier purchases, seeing how securely you will hold my data, and how promptly you informed me of this recent attack.

    Edit… It removed me /snark tag.

    • theleif says:

      Because a 10 year old BIOWARE server, hosting the forum for a BIOWARE game being hacked is of course EA:s fault.

      I think mr Spock would like to have a word with you.

    • Unaco says:

      It was EA that decided to try and push and advertise their Origin System in the e-mails for resetting passwords. This is why I am associating this fuck-up with Origin and EA (because they put the two together). Rational, reasonable, logical man that I am, I am still a man, an animal with fancy thumbs and a big neo-cortex… but still, essentially, an animal. Which means that the more primitive, phylogenetically ancient parts of my mind (which make what you could call ‘gut reactions’) are still very much present and active.

      I can reason away all I like… as you said, this was an old BW server, not an EA one… they take extra care with CC numbers anyway, because they didn’t lose them… surely the new system will have security at the fore. I can think things like that… but it’s already a little too late. EA and Origin have become associated with this, the seed has been sown.

    • Kadayi says:

      IIRC Aren’t you the same guy who’s convinced that Episode 1 & 2 of Half-life 2 were cut content from the original game?

      Also they aren’t ‘pushing’ Origin. That’s the new system they have in place for all EA accounts.

    • Unaco says:

      I wouldn’t say I was convinced that Episode 1 & 2 were cut content from the original HL2. Some of what we saw in previews of HL2 wasn’t present in the final game, but did show up in some of the parts of the 2 episodes (for example the train crash experienced in Ep1 was supposed to be used for the arrival at the Air Exchange (another cut location), St Olga was cut and then included in Lost Coast, the Borealis was meant to be a location, the location Judith Mossman broadcasts from (Kraken base) was meant to be in the original HL2, and will likely feature more prominently in Ep3)… and I felt as if HL2 itself was quite short. But, what the fuck do my thoughts on HL2 and Ep1 & 2 have to do with the current topic of discussion?

      Also… EA really are pushing Origin. It might be the new system replacing EA accounts, or in place of EA accounts… but they are pushing it currently. It’s getting a fair bit of press and attention, they’ve been talking about it, mentioning it in all their E-mails, including it in their E3 presentation etc. In fact, to use a quote from GamePro (on the E3 presentation)…

      “Origin — EA is pushing Origin.com as the main place to go to find out about EA games. Is EA attempting to rebrand entirely, or simply establish Origin as a high-profile gaming portal?”
      http://www.gamepro.com/article/news/220014/e3-eas-press-conference-the-round-up/

      Also, announcing things like SWTOR being exclusive on Origin for Digital copies, no announcement of BF3 on Steam. They are currently ‘pushing’ Origin out.

    • Resonance says:

      “Because a 10 year old BIOWARE server, hosting the forum for a BIOWARE game being hacked is of course EA:s fault.”
      Oh come on, actually look up what’s occurred – people with no history of NWN are getting e-mails about this, EA were either storing all Bioware game data on this server, or all EA accounts were compromised and they’re trying to spin it as a simple forum hacking…
      It looks like they got the whole of the Bioware social data, which would mean everyone who has ever bought a Bioware game would be affected…
      Not to mention people’s Origin passwords would have been stolen since this directly affects EA accounts – this is not a simple forum hacking, and this is definitely EA’s fault…

    • Kadayi says:

      @Resonance

      Alternatively, perhaps they are just being judicious.

  24. Thirdstar says:

    You know what? I blame the entire videogame and parts of the internet industry for requiring accounts/email/passwords for damn near anything. And I am myself on the top of the blame list, for going along with it and not having the foresight to see what a massive clusterfuck that would turn out to be.

  25. Ajh says:

    ….So the account I haven’t used in 6 or 7 years is compromised?

  26. Gothnak says:

    I ensure NOTHING uses the same password as my hotmail & Paypal accounts, even ebay is different. All my games forums/login sites use the same, but tbh, there isn’t anything on there that is particularly sensitive.

    So yeah, they can now log on to a bunch of my other forums, which is nice for them, well done. And I stupidly recently lost my wallet, so my old card details are cancelled too.

    I’m still impressed that they can still hack in a way that is untraceable, you’d think tech would exist to track them these days. I wish they’d actually do something a bit more useful than continually hack games websites, it all seems a bit childish.

  27. shoptroll says:

    Fun thing I discovered while trying to reset my password:

    There’s a hard limit on the number of characters you can use.

    Thanks a lot EA.

    • Kismet says:

      Discovered that back in the days of Dragon Age: Origins release, as I was trying to create an EA account.

      Clearly it didn’t tell me that the password was too long: when trying to register on the Italian EA page, it told me that the server couldn’t be reached and to please try again later, while the US one said that there was already an account associated to the email I had chosen (one I had just created for the purpose).

      Before figuring out by myself that the issue was related to the password, I had the weird idea of sending a mail to EA support, which replied asking me:

      – my EA account
      – associated mail
      – password (!)
      – serial key for the product I was asking support for
      – game title

      …and specified that all the information provided would have been used respecting privacy laws and only in order to solve my issue.

  28. Andy`` says:

    I got my account reset and I’ve never played NWN, nor been on the forums for it ever. I’ve got a Bioware account with the ME games and DA1, but that’s it.

    I want to assume I’m unaffected anyway as none of my data should have been on that server but I’m not really sure.

  29. aircool says:

    Has this got anything to do with why I can’t log into my BFBC2 account?

  30. Bob says:

    Mm, I never played NWN or own the game and still got the e-mail. The upshot is I’ve now got a new password for the Bioware social forum/EA. I changed EA’s password first and it was what I then had to log into the Bioware Social forum with. Good fucking grief, I then got an e-mail from a portable HDD retailer about all the hacking going on and how backing up with *their* product would be wise.

    After I stopped cursing I did find the irony amusing. LOL

  31. ScubaMonster says:

    Why would there have even been credit card details on a NWN forum? lol. So, obviously your details are safe :P

    That’s like saying, “Someone robbed your bank, but don’t worry, they didn’t steal your dog”.

    • Veracity says:

      NWN had paid DLC. Buggered if I can remember whether that was tied to the (then) general Bioware account, but might have been. Still a reasonable question what they’re doing storing credit card information at their end at all, though, especially for years.

  32. Milky1985 says:

    User/Passwords being compromised can be sorted, what about our CD keys tho? Now I’m at risk of being called a pirate by the company because they thought that storing my CD key internet facing with no encryption was a good idea!

    can’t even remember if I registered NWN back then but there’s still a risk :p

  33. gwathdring says:

    Huh. I played NWN quite a bit back in the day, but I never got an e-mail. Even had a forum account that I used for Mass Effect and NWN.

    I changed all of my accounts that shared a password with the old NWN account, but none of them seemed compromised. I can’t even figure out how to ACCESS the old forums now that everything is switched over to social.bioware.com. Or is that just because of the shutdown/hack?

  34. L0Bi says:

    Does anyone know how many users of any of these Hacked sites have actually had money stolen?
    You guys wanna throw your Biographical data all over the net then go baw when someone takes the time to point out the folly of this by exposing just how unsafe such practice is.
    By all means continue to let corporations farm personal data so they can market to your weaknesses making it even more likely you will buy stuff you do not need.
    When companies are sold their client database is part of the deal. It can end up anywhere anyway. There is no privacy on line, deal with it.
    The internet is a leaky boat and fools continue to pile their stuff into it.
    What is Meer afraid of anyway, That someone will edit his pervy FanFic and make it readable?