PDA

View Full Version : So Bioware forums were hacked.



cybrbrnt
24-06-2011, 07:57 AM
Just got an email saying that their decade old servers were hacked, but they say no credit card information was stolen. User data such as email addresses and passwords were compromised as well as CD keys though.

Vexing Vision
24-06-2011, 08:05 AM
Yep, same here. On all three of my accounts. (Yeah, I used to love NWN with an unhealthy passion.)

sinomatic
24-06-2011, 08:24 AM
I never played NWN......so not entirely sure why I (and others) should be affected by this, yet we are.

Vexing Vision
24-06-2011, 08:41 AM
Mhmm, my Dragon Age Origins stuff wasn't hacked, only the email addresses I used for NWN. (Never registered Planescape or BG).

Jade Empire maybe? Anyway. Should we make a betting pool who's next in line?

Vague-rant
24-06-2011, 09:23 AM
Hmm, first one of these that affected me. Think I had to sign up there for some Mass Effect 1 DLC. Oh well.

cybrbrnt
24-06-2011, 09:24 AM
When will the madness end?

GothicEmperor
24-06-2011, 09:30 AM
It was real? I don't remember using the NWN forums, yet the e-mail only referred to that, so I deleted it.

Anthile
24-06-2011, 09:34 AM
Got an email as well. Thunderbird said it might be a scam email. Here is the full text in case anybody cares:


We recently learned that hackers gained unauthorized access to the
decade-old BioWare server system supporting the Neverwinter Nights
forums. We immediately took appropriate steps to protect our
consumers' data and launched a thorough ongoing evaluation of the
breach. We have determined that no credit card data was compromised
from the servers, nor did we ever have or store sensitive data like
social security numbers. Our investigation shows that information
such as user names, encrypted passwords, email addresses, mailing
addresses, names, phone numbers, CD keys and birth dates from
accounts on the system may have been compromised, as well as other
information (if any) that you may have associated with this forum
account. In an abundance of caution, we have disabled your legacy
Account. To create a new account please visit social.bioware.com.

We take the security of your information very seriously and regret
any inconvenience this may have caused you. If your username, email
address and/or password on your Neverwinter Nights account are
similar to those you use on other sites, we recommend changing the
password at those sites as well. We advise all of our fans to always
be aware of any suspicious emails or account activity and report any
suspicious emails and account activity to Customer Support at
1-877-357-6007.

If you have questions, please visit our FAQ at
http://support.ea.com/app/answers/detail/a_id/5367/ or contact
Customer Support at the phone number above.


Aaryn Flynn
Studio GM, BioWare Edmonton
VP, Electronic Arts

Vexing Vision
24-06-2011, 09:46 AM
The scamming part is an interesting theory, but one I can definitely void - one of the emails came to an email-address I never used anywhere else for any purposes. I'm amazed it still existed and that the autoforward still works!

It was a charactername@guildname.dk address, and so obscure that during the eight years of it's existence, it never attracted a single mail of spam. We only used it for our Guild's Stronghold, which we redesigned as a NWN shard for guildmeetings.


Hmmm. With all those emails of ours running around, what I would do is send out fake beta-invites to these. It's definitely something we'll need to watch out for. :(

sinomatic
24-06-2011, 09:47 AM
It did indeed look mightily dodgy, but I couldn't seem to access my bioware account until I went and reset my password (which I did by going direct to the ea site instead of using the link in the mail.....god knows why they would send something out that looks so 'phishy').

Kadayi
24-06-2011, 10:01 AM
It's official. I did the reset and everything and it went through the usual security measures and took me all the way back to origins to re-sign in, and the password had changed. I presume it was another case of the sad sad wankers at lulzsec again. I'm rather hoping that Seal Team Six are the ones who get to 'secure' them when the Sword of Damocles eventually falls.

MiniMatt
24-06-2011, 10:08 AM
Received the same here, and yep looks phishy but is genuine.

Usual suspects don't appear to be boasting just yet.

vanilla bear
24-06-2011, 10:20 AM
Reset my password and was told "Your Profile is 25% complete - why not tell us more?

NO THANK YOU

Toamouse
24-06-2011, 10:30 AM
Oddly I don't recall linking my old Bioware account with my EA/Origin one.
When I tried to reset my password it started it for the one my battlefield/C&C4(/shudder) are linked to.

sinomatic
24-06-2011, 10:45 AM
Reset my password and was told "Your Profile is 25% complete - why not tell us more?

NO THANK YOU

I burst out laughing at that point.

Also, this bit in the email: "nor did we ever have or store sensitive data like social security numbers. Our investigation shows that information such as user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates from accounts on the system may have been compromised"

Kablooie
24-06-2011, 01:04 PM
Old NWN fanatic here (scripted & ran a site for 6 years).
Never ordered anything from EA, though, so no info besides an encrypted password which I've changed.

EDIT: but hold on, that was the EA forums, not the old NWN forums. Meh. Guess I'd better change all those, too, just in case.

Kadayi
24-06-2011, 03:33 PM
http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers

Interesting

cjlr
24-06-2011, 04:42 PM
It's nice when accounts I don't even remember having are hacked. I have had the same email for 8 years, though, so at least I got the notification. But then, if it's that old, the password is certainly nothing like the ones I've used recently, nor do I particularly care if CD keys for old, old games are jacked; since I wouldn't have put in any personal information, that's all anyone would have gotten...

DarkTAO
24-06-2011, 06:02 PM
I had to do the same. Got the email yesterday. Lulzsec acts like it's fighting the whitehats and championing for Wikileaks.. but really they are just being douches.

goatmonkey
24-06-2011, 06:27 PM
I too could not get at my EA account till I reset my password whether that was a security measure or a hijack I don't know, be nice to get some free games from this or be able to register my older EA games on origin

MiniMatt
24-06-2011, 07:06 PM
Out of curiosity - anyone seen any "twas me! I'm l33t!" claims over this?

I'm kinda of the thinking that there are two kinds of peeps doing this sort of thing out there - those that are ego-driven (Lulz, Anon, feck only know what Jester, Poison etc are out for but ego seems to play a huge part), and those that are more sinister. The ones that shut the feck up and make use of what they find are more scarysome. Not seen any ego-driven claims over this one which makes me suspect the latter scenario is in play.

Kadayi
24-06-2011, 07:55 PM
Well there was that weird story about how some opportunist hacker basically funnelled off a whole bunch of Deep Web moneys which is kind of interesting: -

http://www.guardian.co.uk/technology/2011/jun/22/lulzsec-rogue-suspected-of-bitcoin-hack

The people who trade in Bitcoin are very much on the fringe (of anything acceptable) so to speak.

Jacques
24-06-2011, 08:57 PM
Yup, got the same email this morning as well, clever me, my account name was my real full name. Now to try remember my password to login and change my details.

/edit

Upon further inspection, I can find no way to log back into the account to retrieve my numerous CD keys. Good job Bioware.

Kadayi
24-06-2011, 09:25 PM
Jacques they reset the passwords. You basically follow the link in the original mail or hit the forgot button to reset it for them to generate a new one.

Jacques
24-06-2011, 10:34 PM
I didn't have that link in my email, only one to a FAQ about the hack.
This is for the old accounts on the Neverwinter Nights forums, right? Because I can't even find how to get back to those to generate a new password. My new EA Social account isn't linked to my old Bioware one.

Wizardry
24-06-2011, 10:36 PM
I don't quite understand this. I got an email about this asking me to reset my password, but as far as I was aware I've never had a BioWare account before. So when I reset my password for my supposed account at the EA site, it then gave me a list of EA games I've registered with the account, with a single game on, one I bought from Steam but haven't played yet. I'm puzzled. Has Valve been sharing my email address with publishers? If so then it's time to stop using Steam too.

Kadayi
25-06-2011, 12:07 AM
TBH I think the NWN forums were taken down some time ago Jacques. If there were a link still for them it would be at www.bioware.com

Jacques
25-06-2011, 12:16 AM
I'm pretty sure you're right, Google searching my name and Bioware found a link to the forum, but it just redirected to www.bioware.com.
Oh well, no real harm done, I think I've repurchased all the game I had on that account on my Steam account anyway.

Kadayi
25-06-2011, 12:33 AM
They kind of rolled everything into the bioware social iirc and that tied into your EA account (I remember linking one to the other at some point). You might well find that you can recover your password from the Bioware social forums.:-

http://social.bioware.com/forum/1/index

Estel
26-06-2011, 12:12 AM
EA Battlefield Heroes user info has just been leaked too (200K+ users)

corbain
22-08-2011, 10:54 PM
Just realised that as an upshot of this hacking attempt, they have taken their NWN verification servers offline, which means that the premium modules can now be downloaded and installed/played for free! Atari had for the last 18 months or so blocked new sales, but now it seems that unless a new verification server is put up, these are now FTP!

I've installed them and verified they work, would be great if someone else could do the same. Of note is that when launched they do attempt to contact the verification server, but that fails and the game launches. Would be interesting to see if these work even when offline.. I can't test that right now as I'm at work.


http://content.bioware.com/neverwinternights/modules_premium/PiratesOfTheSwordCoast_Installer.exe

http://files.bioware.com/neverwinternights/modules_premium/InfiniteDungeons_Installer.exe

http://files.bioware.com/neverwinternights/modules_premium/WyvernCrown_Installer.exe

corbain
23-08-2011, 04:27 PM
Tried this at home, and the NWN Premium module verification fails if you are offline strangely.

Tei
23-08-2011, 04:49 PM
Just realised that as an upshot of this hacking attempt, they have taken their NWN verification servers offline, which means that the premium modules can now be downloaded and installed/played for free! Atari had for the last 18 months or so blocked new sales, but now it seems that unless a new verification server is put up, these are now FTP!


If thats not the intention of Bioware, this is bug abusing. You sould probably not give that information!.

corbain
23-08-2011, 06:52 PM
If thats not the intention of Bioware, this is bug abusing. You sould probably not give that information!.

It's not really a bug if a company intentionally disables their online DRM mechanism, even as a result of a hacking attempt. They've had over a month now since the attack to get it back online.

I should also say that the module launcher at no point says it has failed to authenticate, you get a message saying "authenticating" and then the game loads. For all I know, the server could be back online now but it's just unannounced policy that these modules are now FTP. Perhaps someone from Atari/Bioware has been reading our "abandonware" thread, a category which these modules surely fall into.

Even if the truth is the authentication fails because the server is offline, then it is surely not illegal to take advantage of it.