BioWare sent out an email last night warning users that its old Neverwinter Nights forum server had been hacked and that user data related to current EA accounts may have been compromised.
A large number of BioWare users discovered last night via an email from BioWare Edmonton General Manager Aaryn Flynn that a server running an old Neverwinter Nights forum had been hacked and that a not-insignificant amount of user data had been compromised. No credit card numbers were stolen but user names, email addresses, encrypted passwords and other information was lost and although the forum itself was old, some of the information taken may be associated with current EA accounts.
"We recently learned that hackers gained unauthorized access to the decade-old BioWare server system supporting the Neverwinter Nights forums," Flynn wrote. "We immediately took appropriate steps to protect our consumers' data and launched a thorough ongoing evaluation of the breach. We have determined that no credit card data was compromised from the servers, nor did we ever have or store sensitive data like social security numbers."
As a precaution, BioWare changed all affected user passwords and provided links to reset them in the email. The studio also said that it has notified everyone whose information may have been compromised.
"We take the security of your information very seriously and regret any inconvenience this may have caused our customers and fans," Flynn wrote. "If your username, email address and/or password on your Neverwinter Nights account are similar to those you use on other sites, we recommend changing your password at those sites as well."
But what makes it a bit odd is that a trip to the BioWare Social Network reveals that the attack actually took place more than a week ago. Some email notifications were issued at the time, but the current round appears to have gone out in the wake of an update to Flynn's original message. It's possible that the continuing investigation revealed that more accounts were affected by the hack than previously thought, or maybe the system just grinds slowly; many users who received notification of the breach last night have reported that the password reset link is taking hours to respond.
Whatever the case and whether you were notified or not, it can't hurt to go change your password anyway, so you might want to go ahead and do that. More information about the hack and what BioWare is doing about it can be found at the NWN Forums Breach FAQ.
Thanks to everyone who sent this in.