We recently learned that hackers gained unauthorized access to the decade-old BioWare server system supporting the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers’ data and launched a thorough ongoing evaluation of the breach. We have determined that no credit card data was compromised from the servers, nor did we ever have or store sensitive data like social security numbers. Our investigation shows that information such as user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates from these forum accounts on the system may have been compromised, as well as other information (if any) that you may have associated with your EA Account. In an abundance of caution, we have changed your password to ensure account security. Please visit this [link redacted] to reset your password immediately.
If your link has expired, click here to generate a new email.
We take the security of your information very seriously and regret any inconvenience this may have caused you. If your username, email address and/or password on your EA account are similar to those you use on other sites, we recommend changing the password at those sites as well. We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-877-357-6007.
I could see how game companies will close old forums. So people that love classic games will lose the ability to fix bugs and problems that were common knowledge at the time.
These crackers make life worse for everyone.
I propose a gentlemen's pact: since these people want publicity, to avoid talking about their actions in public.
Best way to update your password without going near the email is to go to EA.COM. Try to log in. When it tells you your password is invalid, hit the “Forgot password” link. And you’ll get a password email you know you can trust (which, by the way, looks very much like the password token in the hack email we got).
Yea, that email was very dodgy looking. Seems like they used “Asian-spammer-codepage” for their html (argh!) email.
Went to https://ea.com and got a warning message. Went to https://www.ea.com and got a red https lock, and couldn’t find a login button. So went to https://www.ea.com/profile and finally managed to log in and change password. Starting to love KeePass, only downside is that I am sure my HD will crash and all my passwords will be hosed, so I started to export them to an HTML file that I can print out.
FWIW according to the e-mail the passwords taken were encrypted. This is, of course, standard practice, but AIUI the Sony passwords taken were in plaintext (WTF Sony why would you store passwords in plaintext).
I’d take a stab at guessing that is because the developers of their infrastructure were paid to do a job as cheap as possible - or risk being replaced - to ensure the executives could take out a bigger bonus at the end of the year.
Lots of places don't understand why password encryption is a good idea. “But then how can we send the customer their passwords in password reset emails?”
This is not true. The PSN passwords were hashed. The claim that they were stored in plaintext was just FUD being spread without evidence. In fact, I’m fairly certain it was basically part of a campaign of misinformation being conducted by Anonymous and their supporters alongside the original DDOS and Hack attacks to damage Sony’s image in any way possible.
Would love for that to be true, particularly since I can’t figure out which password I used on the PSN. I have tried to log in with some of my standard passwords and they don’t work, so hopefully my PSN password was something different.