Wednesday evening BioWare said in a blog that on Tuesday a hacker gained unauthorized access to the decade-old BioWare community server system associated with the Neverwinter Nights forums. The developer reportedly took immediate action after learning of the breach by protecting user data, and then launched an ongoing evaluation to determine the extent of the hackers' infiltration.
"We have determined that no credit card data was compromised, nor did we ever have or store sensitive data like social security numbers," said studio general manager Aaryn Flynn. "However hackers may have obtained information such as user account names and passwords, email addresses, and birth dates of approximately 18,000 accounts--a very small percentage of total users. We have emailed those whose accounts may have been compromised and either disabled their accounts or reset their EA Account passwords."
Flynn said that if users do not receive an email from BioWare, of if the password still works on the EA account, then chances are the hackers didn't retrieve their information. Naturally Flynn suggests that users should change passwords regularly; they also shouldn't use a universal password for all websites and accounts.
A FAQ provided by BioWare and EA states that the server system associated with the Neverwinter Nights forums was the target of a highly sophisticated and unlawful cyber attack. So far this was the only server system known to have been affected by the unauthorized attack. Once BioWare discovered the attack and locked down the server system associated with Bioware Edmonton’s Neverwinter Nights forums, the developer disabled all legacy BioWare accounts that were affected, and reset the passwords of any EA Accounts that were affected.
"We take the security of your information very seriously and regret any inconvenience this may have caused you," Flynn said. "We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-866-543-5435."
BioWare is just the latest in a growing list of gaming and government websites that have received a DDoS cannon and/or directly hacked. The onslaught seemingly initiated with an assault on the PlayStation Network that brought it to a screeching halt. Epic Games, Bethesda, EVE Online and the CIA are just a few that have suffered the wrath of hacker group LulzSec just in the last week. Currently it's unknown if LulzSec is behind the BioWare attack, so stay tuned.