All companies who have any information stored on the Internet should absolutely respect Internet security and make it their number one priority at all times. Lately, it seems like companies such as Sony (and their related brands) and Sega have taken this matter lightly. Well, add Electronic Arts to the list of companies who have had a breach in security, as this week their BioWare brand fell victim to the hacker groups who are going after videogame developers and manufacturers. I guess the good news here is that the attack was on Neverwinter Nights servers. Does anyone still play that game?
In the onslaught of attacks, user information like phone numbers, email and mailing addresses, CD keys and birth dates were taken, which is pretty much the lower level, usual data that we see snatched up in breaches like this, at least to begin with. No credit card information or social security numbers have been reported to be stolen. To date, we have not heard who is responsible for this attack, although it is rumored that Anonymous members went to work outside of the group's defined operations.
EA has posted a Q&A about the attacks, and we have excerpts from it and our thoughts after the break.
Some interesting news here is that the hackers have uncovered some unencrypted password to "a relatively small number of users, who have been notified". I'd like to know what they have as criteria to determine which users get their passwords encrypted and which do not.
Here's news on the breach right from EA's mouth, or at least from their Q&A.
Q: How extensive was BioWare's data breach?
A: The only server system known to have been affected by the unauthorized attack was that supporting BioWare Edmonton's Neverwinter Nights forums.
Q: What has BioWare done in response to this breach?
A: We acted immediately to secure the server system associated with Bioware Edmonton's Neverwinter Nights forums and launched an ongoing evaluation of the breach. To further enhance security, we are disabling potentially affected legacy BioWare accounts and reset the passwords of any EA Accounts that were affected. Emails have been sent to all users alerting them to the issue with instructions on how to change their passwords and/or create new accounts (as applicable).
Bad news here is that while it may be a game that you played almost a decade ago, if you linked that account to your EA account, information in your EA account may be compromised as well. Affected users will be receiving emails about what the next steps will be.
However, yet again we have another company and another data breach. When will the madness end? Better yet, go after GameStop! They're one of the most evil ones out there.