EA confirms customer data stolen

Electronic Arts says personal data and "some unencrypted passwords" compromised on server hosting BioWare Neverwinter Nights forums.

Hackers broke into a server hosting the forum for BioWare Neverwinter Nights and made off with user information. Screenshot by Eric Mack/CNET

Electronic Arts has confirmed that one of its server systems was breached and customer information was stolen and said this week that it's continuing to investigate the intrusion.

The company has updated an earlier Q&A deep in the support section of its Web site with some information on the hack of a system that hosts its BioWare Neverwinter Nights forum. The company says it learned about the hack on June 14 and gets right to the point with some frequently asked questions:

Q: How extensive was BioWare's data breach?
A: The only server system known to have been affected by the unauthorized attack was that supporting BioWare Edmonton's Neverwinter Nights forums.

OK, but...

Q: Why did this happen?
A: The server system associated with the Neverwinter Nights forums was the target of a highly sophisticated and unlawful cyber attack. While we have security controls in place, even the best software and processes can't keep up with hackers 100 percent of the time. We have moved swiftly to implement additional security controls to prevent this type of breach from happening again to secure your data and are conducting further evaluations now.

EA also says it has disabled "potentially affected legacy BioWare accounts" and reset passwords of any affected EA accounts. The company says anyone with a potentially affected account will receive an e-mail with more information.

The company adds that the hackers did not get ahold of vital personal information such as credit card or social security numbers, but "that information such as user names, encrypted passwords, e-mail addresses, mailing addresses, names, phone numbers, CD keys and birth dates" could have been compromised. In other words, plenty of information that could be quite useful for phishing attempts.

And here's an interesting tidbit tucked further down in the Q&A: "Hackers obtained access to unencrypted passwords of a relatively small number of users, who have been notified." No explanation of what qualifies you for the unlucky club of customers who don't get their passwords encrypted.

In case you haven't left the secure emptiness of MySpace in the past three months, this is the latest in a long string of attacks on gamemakers and just about everyone else, stretching all the way back to the infamous Sony PlayStation Network hack in April.

No one has yet claimed responsibility for the EA hack, which has escaped broad media attention until today, possibly because Neverwinter Nights is a decade old.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Uber's tumultuous ups and downs in 2014 (pictures)
The best and worst quotes of 2014 (pictures)
A roomy range from LG (pictures)
This plain GE range has all of the essentials (pictures)
Sony's 'Interview' heard 'round the world (pictures)
Google Lunar XPrize: Testing Astrobotic's rover on the rocks (pictures)