BioWare Neverwinter Nights server hacked

By Robert Purchese Published 16 June, 2011

"Highly sophisticated, unlawful cyber attack."

RPG giant BioWare was "the target of a highly sophisticated and unlawful cyber attack" and has been hacked.

The accounts of 18,000 people associated with the Neverwinter Nights forum were "affected", the developer explained - "a very small percentage of total users".

Account names, email addresses, passwords, country and birth dates "may have been exposed". No credit card details were "exposed" and "we have never collected social security numbers", assured BioWare in its hack FAQ.

No other BioWare servers are known to have been affected.

"Yesterday (June 14), we learned that a hacker gained unauthorised access to the decade-old BioWare community server system associated with the Neverwinter Nights forums," wrote BioWare Edmonton GM Aaryn Flynn. "We immediately took appropriate steps to protect our consumers' data and launched an ongoing evaluation of the seriousness of the breach.

"We have determined that no credit card data was compromised, nor did we ever have or store sensitive data like social security numbers. However hackers may have obtained information such as user account names and passwords, email addresses, and birth dates of approximately 18,000 accounts - a very small percentage of total users.

"We have emailed those whose accounts may have been compromised and either disabled their accounts or reset their EA Account passwords. If you did not receive an email from us, or if your password still works for your EA account, your username and password were not compromised. Nevertheless, changing your password regularly is always helpful to protect your account."

There's a chance that if you linked your legacy BioWare account with an EA account then the latter may be accessible to a hacker as well. Data stored there includes mailing and billing address, language, game entitlements and games played.

Why did the hacker target an old, devout PC modding and gaming community surrounding Dungeons & Dragons game Neverwinter Nights? Perhaps it was running on old hardware. Was it LulzSec, the hacker group that's taken out numerous targets including EVE Online and Minecraft? The lack of Twitter-based bragging by the group suggests not.

Neverwinter Nights was released on PC in 2002. Eurogamer's review awarded 7/10.

"If you're a role-playing fan and don't mind downloading additional content, Neverwinter Nights is something of a no-brainer," wrote Eurogamer's Gestalt. "It might not be the best role-playing game ever (not by a long shot), but it is arguably the most promising."

Picture of Robert.

About Robert Purchese

Bertie is Eurogamer's Senior Staff Writer. When he's not hunting down news stories he's often found playing with his kids or gabbling about fantasy games and strange online worlds. @Clert on Twitter.

Read more articles from Robert by visiting the Robert Purchese archive page.

You may also like...

Comments (31) Latest comment 11 months ago

Comments for this article are now closed, but please feel free to continue chatting on the forum!

  • Thedni #1 11 months ago

    It never rains but it pours.

    Looks like its only going to get uglier... *sigh*

  • Shikasama #2 11 months ago

    Maybe it was a veiled attempt to remind Bioware of a time when they made gfreat games as opposed to average games with high production values.

  • Murton #3 11 months ago

    The real crime here is that the EG only gave NWN a 7/10, though I suppose such an expansive game would be difficult to review accurately if you wanted to get the review out before release. When accompanied with all of its expansions it's possibly one the best D20 based RPGs going. Might dig out my original discs actually and relive Bioware's glory days.

    As for the story itself, I don't think was a professional hit, it feels like a test run. Bioware's community sites don't hold any valuable data, if these were professional criminals they'd target something with names and postal addresses for sale to marketeers/advertisers/debt collectors etc or something with credit card details to facilitate actual fraud, not a community website with very basic barely personal information.

  • shadow651 #4 11 months ago

    I really am failing to see the point. I mean sure I see the reasoning behind government website hacks, I disagree with them but still understand why they do it. Here it just seems like totally random and pointless attacks, for the 'lulz' hardly seems like a justifiable excuse to commit a crime

  • Bikram #5 11 months ago

    What the hell is going on? Why gaming industry?

  • sheldipez #6 11 months ago

    lulzsec took down eve again last night, and also posted what they claimed to be a complete list of x factor 2011 contestants info (DOB/name/loc/phone/emails etc.)

  • IonOnion #7 11 months ago

    Damn hipster hackers!
    Hacking is now too mainstream.

  • Agent_Orange #8 11 months ago

    7/10 WTH This game was amazing..

  • nuanimal #9 11 months ago

    Why the hell would BioWare need social security numbers in the first place?


  • coomber #10 11 months ago

    Maybe it was a veiled attempt to remind Bioware of a time when they made gfreat games as opposed to average games with high production values.

    And they did that by hacking Neverwinter Nights?

  • parablax #11 11 months ago

    Is the amount of hacking actually increasing, or is it just being more widely reported due to the PSN epsiode?

  • Ferral #12 11 months ago

    Something REALLY needs doing about this.

    Ever since the PSN hack this is becoming a daily occurence (makes me think of Die Hard 4). I said a while ago in the comments to another article similar to this that its not just Sony its affecting, it will end up happening to the larger gaming community and affect everyone eventually. Regardless of whether you are PS3, XBox, PC or casual player, everyone is becoming a target for these planks that have nothing better to do with their time. Just wondering how long it will be before they start attacking Windows activation servers and Live services from Microsoft. It doesnt matter what security you have, if they want in they will find a way to do it somehow.

    Its getting sickening seeing this on a daily basis

  • uzivatel #13 11 months ago

    Choosing one of BioWares worst games shows poor taste of whoever did it.

  • Dave_McCoy #14 11 months ago

    This is getting a bit boring now. I'm not even sure what they're trying to prove, if it's the same group, other than 'because they can'. It's certainly not for the benefit of gamers.

  • dangercopperfield #15 11 months ago

    This spate of hacking is seriously not good. I can see companies increasing subscription/ online charges just to tackle this issue. All gamers, in one voice, should tell these jokers to just FUCK OFF!

  • Caimbeul #16 11 months ago

    Without saying what they all want they are simply showing the world that they are a bunch of tossers. It now seems like they are doing it purely to piss people off and they also seem to have something against gamers according to some of their tweets.

  • dangercopperfield #17 11 months ago

    parablax
    The cats outta the bag here, after Sony and the headlines it made these groups just want notoriety. Chances are these pricks wouldnt even know what to do with your credit card info if they got it. No doubt, all companies have to fend off attacks on a weekly basis but now the more "skilled" groups have mobilised leading to more regular and sustained attacks.

  • rob_of_the_robots #18 11 months ago

    "All gamers, in one voice, should tell these jokers to just FUCK OFF! "

    I'm afraid that would proably just encourage them as it would prove they are getting under people's skin. Some people are just pathetic like that, they prefer to antagonise others rather than focus on their own shortfalls.

  • Spence1115 #19 11 months ago

    @Caimbeul - they don't want anything, they just find it funny, like prank calling or pizzas delivered at 3am to a random address. Some of the hacks had reason, like exposing security flaws - they made an attempt on the NHS, then told them that they didn't take anything because they're not fucking up a medical service, but that they should fix the flaws.

    However, EVE, Minecraft, The Escapist, and this (and more) are by request by people who find it funny.

    @dangercopperfield - they know most gamers don't want it. And they don't care. They find it funny pissing off gamers. They're essentially high school bullies in that sense, doing it because they enjoy it, not to prove a point or popularity.

  • Caimbeul #20 11 months ago

    any gamer hackers out there should unite and infiltrate them and take them down.

  • Murton #21 11 months ago

    "Is the amount of hacking actually increasing, or is it just being more widely reported due to the PSN epsiode? "

    More widely reported I reckon. And it's not just due to the PSN hack, the BBC in particular have been ramping up hacking stories since last Autumn, see the Anonymus campaign vs ACS Law and in favour of WikiLeaks in the Winter months. There would however appear to be an increase in hacking vs the games industry, which is likely because it's seen as an easier target than say, a bank or a Government but will give you access to almost as much valuable data for use in fraudulent activity.

    The sad part is that there's no real interest in forming a global or even multi-state law on hacking. If the UK/EU/US all got together and signed the relevant treaties for shared jurisdiction and extradition in cyber-crime cases we might actually be able to do something about hackers, but as it is right now the crime and perpetrator can be on opposite sides of the world meaning if you could identify the hacker you wouldn't be able to charge him with anything without first entering lengthy negotiations with his Government for extradition rights and everything that involved. Need I remind anyone that Gary McKinnon is still a free man in the UK (with bail limitations) despite our Government offering zero resistance to his extradition* for a crime which he committed over 10 years ago with the extradition application itself made 6 years ago.

    *I'm a big supporter of the Free Gary campaign and believe he should be tried here under British law and no extradited based on a treaty signed two years after his alleged crime, I'm just using it as an example of just how messy cross-border crimes are in the current system.

  • Inmediasress #22 11 months ago

    @parablax
    No it's just being more widely reported such small scale hacking/attempts are probably daily routine it's just shit stirring media bullshit.

  • optimusprym8 #23 11 months ago

    the sooner the war between 4chan, lulzsec, anon etc causes them all to self-impode the better

  • Shikasama #24 11 months ago

    Coomber - Touché!

  • HyperTails #25 11 months ago

    Hacking BioWare now? There's a line, and they didn't just cross it, they jumped over the damn thing.

  • phycus #26 11 months ago

    "Highly sophisticated, unlawful cyber attack." = used blank admin password

  • strangerism #27 11 months ago

    its the CYBER WAR

  • Xardan #28 11 months ago

    All this pointless hacking is starting to become very very suspicious. There is something going on behind the scenes...

  • jimr9999us #29 11 months ago

    Neverwinter Nights? Really?

    I mean, why?

  • Subdominator #30 11 months ago

    "We immediately took appropriate steps to protect our consumers' data"

    It would be, you know, nice, if you would take the appropriate steps to protect out data from day one and not only after you were hacked. Of course that is not only a problem of companies, almost every computer and phone out there is not sufficiantly protected. Because working protection costs money, a lot of it.

  • Trigg3rHippie #31 11 months ago

    From this moment hacking is officially not cool anymore.