Posted at http://social.bioware.com/forum/1/topic/6/index/7653193:
Yesterday (June 14), we learned that a hacker gained unauthorized access to the decade-old BioWare community server system associated with the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers’ data and launched an ongoing evaluation of the seriousness of the breach. We have determined that no credit card data was compromised, nor did we ever have or store sensitive data like social security numbers. However hackers may have obtained information such as user account names and passwords, email addresses, and birth dates of approximately 18,000 accounts–a very small percentage of total users. We have emailed those whose accounts may have been compromised and either disabled their accounts or reset their EA Account passwords. If you did not receive an email from us, or if your password still works for your EA account, your username and password were not compromised. Nevertheless, changing your password regularly is always helpful to protect your account.
We take the security of your information very seriously and regret any inconvenience this may have caused you. If your username, email address and/or password on the Neverwinter Nights forums are similar to those you use on other sites, we recommend changing your password at those sites as well. We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-866-543-5435.
Aaryn Flynn
Studio GM, BioWare Edmonton
VP, Electronic Arts
The FAQ at the support link says:
Q: How extensive was EA/BioWare’s data breach?
A: The data breach was extremely limited. The only server system known to have been affected by the unauthorized attack was that associated with BioWare Edmonton’s Neverwinter Nights forums. Approximately 18,000 accounts were affected—a very small percentage of total users.Q: When did EA/BioWare learn about the unauthorized access to the server system associated with the Neverwinter Nights forum?
A: June 14. We quickly assessed the exposure, communicated to our fans and re-issued accounts we believed may have been compromised.Q: What has EA/BioWare done in response to this breach?
A: We acted immediately to secure the server system associated with Bioware Edmonton’s Neverwinter Nights forums. We also launched an ongoing evaluation of the seriousness of the breach. To further enhance security, we have disabled all legacy BioWare accounts that were affected, and reset the passwords of any EA Accounts that were affected. Emails have been sent to all affected users alerting them to the issue with instructions on how to change their passwords and/or create new accounts (as applicable).Q: Is my information now safe?
A: Yes, we have taken the appropriate steps to secure the data in the server system associated with the Neverwinter Nights forums.Q: Why did this happen?
A: The server system associated with the Neverwinter Nights forums was the target of a highly sophisticated and unlawful cyber attack. We have moved swiftly to secure your data, and are conducting further evaluations now.Q: What exactly was breached?
A: Account names, email addresses, passwords, country and birth dates may have been exposed. No credit card data was exposed and we have never collected Social Security numbers. If you linked your legacy Bioware account with an EA Account, then additional information that you associated with your EA Account (if any) may have been accessible as well. Such information could include your name, mailing address, billing address, language, game entitlements and games played, and other game-specific account information depending on your use of your EA Account.Q: Was my account breached?
A: If you did not receive an email from us, or if your password still works for your EA Account, your username and password were not compromised and your account was otherwise unaffected.Q: How many accounts were affected?
A: Approximately 18,000 accounts—a very small percentage of total users of the Neverwinter Nights forums.Q: What will EA/BioWare do now?
A: We value the trust you’ve placed in us, and we are taking all the necessary steps to evaluate the seriousness of the breach. We will continue to do what is needed to protect your personal information.Q: Who should I contact for more information on this?
A: Customer Support is standing by to assist you at 1-866-543-5435 between the hours of 7am and 9pm CST.