EA confirms customer data stolen
Electronic Arts says personal data and "some unencrypted passwords" compromised on server hosting BioWare Neverwinter Nights forums.
Electronic Arts has confirmed that one of its server systems was breached and customer information was stolen and said this week that it's continuing to investigate the intrusion.
The company has updated an earlier Q&A deep in the support section of its Web site with some information on the hack of a system that hosts its BioWare Neverwinter Nights forum. The company says it learned about the hack on June 14 and gets right to the point with some frequently asked questions:
Q: How extensive was BioWare's data breach?
A: The only server system known to have been affected by the unauthorized attack was that supporting BioWare Edmonton's Neverwinter Nights forums.
Q: Why did this happen?
A: The server system associated with the Neverwinter Nights forums was the target of a highly sophisticated and unlawful cyber attack. While we have security controls in place, even the best software and processes can't keep up with hackers 100 percent of the time. We have moved swiftly to implement additional security controls to prevent this type of breach from happening again to secure your data and are conducting further evaluations now.
EA also says it has disabled "potentially affected legacy BioWare accounts" and reset passwords of any affected EA accounts. The company says anyone with a potentially affected account will receive an e-mail with more information.
The company adds that the hackers did not get ahold of vital personal information such as credit card or social security numbers, but "that information such as user names, encrypted passwords, e-mail addresses, mailing addresses, names, phone numbers, CD keys and birth dates" could have been compromised. In other words, plenty of information that could be quite useful for phishing attempts.
And here's an interesting tidbit tucked further down in the Q&A: "Hackers obtained access to unencrypted passwords of a relatively small number of users, who have been notified." No explanation of what qualifies you for the unlucky club of customers who don't get their passwords encrypted.
In case you haven't left the secure emptiness of MySpace in the past three months, this is the latest in a long string ofon gamemakers and just about everyone else, stretching all the way back to the infamous Sony PlayStation Network in April.
No one has yet claimed responsibility for the EA hack, which has escaped broad media attention until today, possibly because Neverwinter Nights is a decade old.