EA confirms customer data stolen

Electronic Arts says personal data and "some unencrypted passwords" compromised on server hosting BioWare Neverwinter Nights forums.

Eric Mack Contributing Editor

Eric Mack has been a CNET contributor since 2011. Eric and his family live 100% energy and water independent on his off-grid compound in the New Mexico desert. Eric uses his passion for writing about energy, renewables, science and climate to bring educational content to life on topics around the solar panel and deregulated energy industries. Eric helps consumers by demystifying solar, battery, renewable energy, energy choice concepts, and also reviews solar installers. Previously, Eric covered space, science, climate change and all things futuristic. His encrypted email for tips is ericcmack@protonmail.com.

Expertise Solar, solar storage, space, science, climate change, deregulated energy, DIY solar panels, DIY off-grid life projects. CNET's "Living off the Grid" series. https://www.cnet.com/feature/home/energy-and-utilities/living-off-the-grid/ Credentials

Finalist for the Nesta Tipping Point prize and a degree in broadcast journalism from the University of Missouri-Columbia.

See full bio

Eric Mack

June 24, 2011 2:25 p.m. PT

2 min read

Hackers broke into a server hosting the forum for BioWare Neverwinter Nights and made off with user information. Screenshot by Eric Mack/CNET

Electronic Arts has confirmed that one of its server systems was breached and customer information was stolen and said this week that it's continuing to investigate the intrusion.

The company has updated an earlier Q&A deep in the support section of its Web site with some information on the hack of a system that hosts its BioWare Neverwinter Nights forum. The company says it learned about the hack on June 14 and gets right to the point with some frequently asked questions:

Q: How extensive was BioWare's data breach?
A: The only server system known to have been affected by the unauthorized attack was that supporting BioWare Edmonton's Neverwinter Nights forums.

OK, but...

Q: Why did this happen?
A: The server system associated with the Neverwinter Nights forums was the target of a highly sophisticated and unlawful cyber attack. While we have security controls in place, even the best software and processes can't keep up with hackers 100 percent of the time. We have moved swiftly to implement additional security controls to prevent this type of breach from happening again to secure your data and are conducting further evaluations now.

EA also says it has disabled "potentially affected legacy BioWare accounts" and reset passwords of any affected EA accounts. The company says anyone with a potentially affected account will receive an e-mail with more information.

The company adds that the hackers did not get ahold of vital personal information such as credit card or social security numbers, but "that information such as user names, encrypted passwords, e-mail addresses, mailing addresses, names, phone numbers, CD keys and birth dates" could have been compromised. In other words, plenty of information that could be quite useful for phishing attempts.

And here's an interesting tidbit tucked further down in the Q&A: "Hackers obtained access to unencrypted passwords of a relatively small number of users, who have been notified." No explanation of what qualifies you for the unlucky club of customers who don't get their passwords encrypted.

In case you haven't left the secure emptiness of MySpace in the past three months, this is the latest in a long string of attacks on gamemakers and just about everyone else, stretching all the way back to the infamous Sony PlayStation Network hack in April.

No one has yet claimed responsibility for the EA hack, which has escaped broad media attention until today, possibly because Neverwinter Nights is a decade old.