Bioware Hacked

Is this old news? I just received this:

We recently learned that hackers gained unauthorized access to the decade-old BioWare server system supporting the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers’ data and launched a thorough ongoing evaluation of the breach. We have determined that no credit card data was compromised from the servers, nor did we ever have or store sensitive data like social security numbers. Our investigation shows that information such as user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates from these forum accounts on the system may have been compromised, as well as other information (if any) that you may have associated with your EA Account. In an abundance of caution, we have changed your password to ensure account security. Please visit this [link redacted] to reset your password immediately.

If your link has expired, click here to generate a new email.

We take the security of your information very seriously and regret any inconvenience this may have caused you. If your username, email address and/or password on your EA account are similar to those you use on other sites, we recommend changing the password at those sites as well. We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-877-357-6007.

If you have questions, please visit our FAQ at http://support.ea.com/app/answers/detail/a_id/5367/ or contact Customer Support at the phone number above.

Aaryn Flynn
Studio GM, BioWare Edmonton
VP, Electronic Arts

I’m starting to get confused on who has been attacked and who has not. Wasn’t Bioware/old NWN servers ALREADY hacked?

I know, I read about that last week but just got the email now.

Because your ISP was also hacked

Seems to be affecting my EA account in general. And that link? So far… useless. How hard is it to send out an automated email with a new password?

Are we sure that’s a legit link? I got the mail as well, and it looks…funny

I don’t know if that email is legit (I received it too), though it seems to be. Certainly, there is pretty much the same info (except the link) on the Bioware forum: http://social.bioware.com/forum/BioWare-General/Socialbiowarecom-Site-Help/Important-Information-for-BioWare-amp-EA-Account-Holders-7653193-1.html

Lots of people there report getting the email too. So it seems OK to me.

Wendelius

This is horrible.

I could see how game companies will close old forums. So people that love classic games will lose the ability to fix bugs and problems that were common knowledge at the time.

These crackers make life worse for everyone.

I propose a gentlemen's pact. Since these people want publicity, to avoid talking about their actions in public.

Not very smart to try to rectify a hacking incident with a very dodgy-looking email.

Best way to update your password without going near the email is go to EA.COM. Try to log in. When it tells you your password is invalid, hit the “Forgot password” link. And you’ll get a password email you know you can trust (which, by the way, looks very much like the password token in the hack email we got).

Wendelius

Yeah, that email was very dodgy looking. Seems like they used "Asian-spammer-codepage" for their HTML (argh!) email.

Went to https://ea.com and got a warning message. Went to https://www.ea.com and got a red https lock, and couldn't find a login button. So I went to https://www.ea.com/profile and finally managed to log in and change my password. Starting to love KeePass; the only downside is that I am sure my HD will crash and all my passwords will be hosed, so I started to export them to an HTML file that I can print out.

Yeah, got that email too… Seems legit.

Bah, this got a very common password I use. Not for anything important, but for things that verge on being important. Bugger.

FWIW according to the e-mail the passwords taken were encrypted. This is, of course, standard practice, but AIUI the Sony passwords taken were in plaintext (WTF Sony why would you store passwords in plaintext).

I’d take a stab at guessing that is because the developers of their infrastructure were paid to do a job as cheap as possible - or risk being replaced - to ensure the executives could take out a bigger bonus at the end of the year.

And who cares about customer data anyway.

Lots of places don't understand why password encryption is a good idea. "But then how can we send the customer their passwords in password reset emails?"

Stupidity abounds in IT Security implementation.

True, if it’s encrypted and randomly salted, I should be OK. If it’s not salted it’s a pretty damn easy password to get in a rainbow table.
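The two points raised in the last few comments (hashed storage versus plaintext, salt versus precomputed "rainbow" tables, and "how do we email the customer their password?") as an added worked example. This is not code from EA, BioWare, or anyone in this thread; the wordlist, the PBKDF2 work factor, the one-hour token lifetime and the user records are constructed for illustration. It shows that a precomputed table recovers an unsalted digest in one lookup and never matches a per-user salted hash, but also that a common password still falls to a per-user dictionary attack: the salt only kills precomputation and forces the attacker to pay the work factor per guess, per user. The reset part answers the "email the password" question the only sane way: email a random single-use token, store only its hash, and re-salt on change.

```python
"""Salted vs unsalted password storage, a constructed precomputed table, and a
reset-token flow. Added example, not EA/BioWare code; all inputs constructed."""
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for the wordlist a real precomputed (rainbow) table is built from.
COMMON_PASSWORDS = ["password", "123456", "letmein", "neverwinter", "qwerty"]
PBKDF2_ITERATIONS = 100_000   # assumed work factor; raise it for a real deployment
RESET_TTL_SECONDS = 3600      # assumed validity of an emailed reset link


def unsalted_hash(password: str) -> str:
    """The weak scheme: one bare SHA-1, identical for every user with this password."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 over the password and a per-user random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def create_user(password: str) -> dict:
    """Store only salt + salted hash; the password itself is never kept."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": salted_hash(password, salt), "reset": None}


def verify_password(user: dict, candidate: str) -> bool:
    return hmac.compare_digest(user["hash"], salted_hash(candidate, user["salt"]))


def build_rainbow_table() -> dict:
    """Precompute hash -> password once; reusable against any unsalted database."""
    return {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def lookup_unsalted(table: dict, stored: str):
    """One dictionary lookup recovers an unsalted password."""
    return table.get(stored)


def lookup_salted(table: dict, user: dict):
    """The same table never matches a salted hash: nothing was precomputed with this salt."""
    return table.get(user["hash"].hex())


def dictionary_attack(user: dict, wordlist) -> tuple:
    """What the attacker must do instead: rehash every guess with this user's salt.
    Returns (password or None, PBKDF2 computations spent on this one user)."""
    for i, guess in enumerate(wordlist, 1):
        if verify_password(user, guess):
            return guess, i
    return None, len(wordlist)


def issue_reset_token(user: dict, now: float) -> str:
    """Email the random token; store only its hash, so a leaked database cannot
    be used to reset accounts."""
    token = secrets.token_urlsafe(32)
    user["reset"] = {"hash": hashlib.sha256(token.encode()).digest(),
                     "expires": now + RESET_TTL_SECONDS}
    return token


def redeem_reset_token(user: dict, token: str, new_password: str, now: float) -> bool:
    """Accept the token once, before expiry, then re-salt and re-hash the new password."""
    record = user["reset"]
    if record is None or now > record["expires"]:
        return False
    if not hmac.compare_digest(record["hash"], hashlib.sha256(token.encode()).digest()):
        return False
    user["reset"] = None                     # single use
    user["salt"] = secrets.token_bytes(16)   # fresh salt on every password change
    user["hash"] = salted_hash(new_password, user["salt"])
    return True


def demo() -> dict:
    """Walk through both points; returns the observations so they can be checked."""
    table = build_rainbow_table()
    alice = create_user("letmein")
    bob = create_user("letmein")             # same password, different salt
    now = time.time()
    token = issue_reset_token(alice, now)
    out = {
        "salted_equal": alice["hash"] == bob["hash"],
        "unsalted_cracked": lookup_unsalted(table, unsalted_hash("letmein")),
        "salted_table_hit": lookup_salted(table, alice),
        "salted_dictionary": dictionary_attack(alice, COMMON_PASSWORDS),
        "reset_wrong_token": redeem_reset_token(alice, "not-the-token", "x", now),
        "reset_ok": redeem_reset_token(alice, token, "correct horse battery", now + 60),
        "reset_replayed": redeem_reset_token(alice, token, "again", now + 120),
    }
    out["new_password_works"] = verify_password(alice, "correct horse battery")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `salted_dictionary` result is the caveat for the "I should be OK" hope above: the salt stops the attacker reusing one table against every account, but "letmein" is still found on the third guess once they target that one user. Only a password that is not in any wordlist, plus the work factor, makes the per-user attack expensive.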

http://www.skullsecurity.org/blog/2011/hacking-crappy-password-resets-part-1

Seems relevant.

Interesting read.

This is not true. The PSN passwords were hashed. The claim that they were stored in plaintext was just FUD being spread without evidence. In fact, I'm fairly certain it was basically part of a campaign of misinformation being conducted by Anonymous and their supporters alongside the original DDoS and hack attacks to damage Sony's image in any way possible.

Would love for that to be true, particularly since I can’t figure out which password I used on the PSN. I have tried to login with some of my standard passwords and they don’t work, so hopefully my PSN password was something different.

Source?