Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Neverwinter Forum Hacking Apology

An updated post on the BioWare Social Network offers apologies for the recent hacking incident on the Neverwinter forums and an updated EA support FAQ on the topic. Here's a bit: "We take the security of your information very seriously and regret any inconvenience this may have caused our customers and fans. If your username, email address and/or password on your Neverwinter Nights account are similar to those you use on other sites, we recommend changing your password at those sites as well. We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-877-357-6007. Aaryn FlynnStudio GM, BioWare EdmontonVP, Electronic Arts." Thanks GamesIndustry.biz.

View
26 Replies. 2 pages. Viewing page 1.
< Newer [ 1 2 ] Older >

26. removed Jun 25, 2011, 12:47 Krovven
 
* REMOVED *
This comment was deleted on Jun 25, 2011, 13:11.
 
Reply Quote Edit Delete Report
 
25. removed Jun 24, 2011, 20:16 Cutter
 
* REMOVED *
This comment was deleted on Jun 25, 2011, 13:11.
 
Avatar 25394
 
"Bye weeks? Bronko Nagurski didn't get no bye weeks, and now he's deadů Well, maybe they're a good thing." - Moe
Reply Quote Edit Delete Report
 
24. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 18:36 GeneralAdmission
 
The notification email I received from EA/Bioware stated exactly this:
"In an abundance of caution, we have changed your password to ensure account security."

But in fact this was not true. My password was not changed until I changed it (which of course I did). I'm well aware that companies with good security can be breached, and on that alone I wouldn't point the finger of failure at the company. I can't comment on the general quality of EA/Bioware's security systems, but regarding this instance I have two concerns:

-They did not in fact automatically change my compromised account password
-There was a significant delay between the actual breach and the notification I received

This means that anyone capable of decrypting my compromised password would have obtained instant access to my account, and I would have had no knowledge of it until too late. Additionally, the day before receiving EA's notice I received an email to my NWN-associated comcast address that contained a single hyperlink to a url ending in photo.jpg5236323636363636525252.exe. Lazy attempt for sure, but in the ten years I've had this account this is the first such malware attack that has landed in my inbox. No, I can't call it definitive proof, but the timing and circumstances raise a giant red flag strongly indicating that someone grabbed my compromised email address and targeted me for an encore.

Bottom line is the poor response to the breach is what inspires a lack of confidence in or desire to due business with EA (as if their games and practices hadn't already done enough).
 
Reply Quote Edit Delete Report
 
23. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 18:32 Verno
 
Krovven wrote on Jun 24, 2011, 17:50:
I like to think that I can be objective, but it's not always easy. I may argue against a single point someone has made that I disagree with, when I otherwise agree with them. This would be one of those times.

Fair enough, everyone is entitled to their opinion and I didn't mean to sound snipey. Personally I think they are reaping what they've sown here but ultimately it will be a good thing as it will teach some long term lessons.
 
Avatar 51617
 
Playing: Dragon Age Inquisition, Far Cry 4, This War of Mine
Watching: The Walking Dead, The Fall, As Above So Below
Reply Quote Edit Delete Report
 
22. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 18:29 Creston
 
Krovven wrote on Jun 24, 2011, 15:31:
As I've said before, all the security in the world is not going to prevent something from happening if the person/group has the determination and resources behind them to do it.

So far the "resources" that lulzsec seems to be using are

1) LOIC.
2) SQL injections.
3) and a few other fairly simple-to-avoid vulnerabilities. (pretty much all of which were patched YEARS ago.)

I agree that nothing is 100% secure, but let's get realistic here. We're talking about some script kiddies who are hacking everything with the digital equivalent of a fucking swiss army knife...

I don't expect a company to sink 20 million bucks into securing its website (unless it's Paypal or Amazon or something like that.)
I DO expect a company like EA, that has a storefront and maintains people's personal info and CC information, to at least have the fucking decency to make sure its webfront is protected and has the latest security patches applied. And that they've got at least one person hired who knows something about security.

Of course, knowing EA, their security is probably run by forum volunteers, and their first thought when they saw they were hacked was "Oh well, there's posts about that on the tech support forum. No need to do anything."

Creston
 
Avatar 15604
 
Reply Quote Edit Delete Report
 
21. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 17:50 Krovven
 
Verno wrote on Jun 24, 2011, 16:58:
You don't seem to apply this stoic objectivity to other topics but whatever.

Would entirely depend on what we are talking about.

I like to think that I can be objective, but it's not always easy. I may argue against a single point someone has made that I disagree with, when I otherwise agree with them. This would be one of those times.

I dont think most of the companies have done all they can to protect end user information.

But you also have to draw a line somewhere and realize that ultimately, it's the hackers that have caused this mess. There are just far far too many variables among the various companies that have had their security breached to be making blanket general statements pointing blame at a company as a whole...without at least considering the larger picture.

 
Reply Quote Edit Delete Report
 
20. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 17:35 Mashiki Amiketo
 
Krovven wrote on Jun 24, 2011, 16:52:
You think government(s) don't struggle with the same internet security issues game companies do? Do you think government networks with very private and sensitive information (far more-so that your password to a game site) have never been hacked? If you think that, you are very very naive.

Considering in government really secure stuff is in an offline network, and super top sekrit stuff is on stand alone machines that are padlocked in a steel chasis, with no inputs besides a keyboard and mouse. With only a monitor visible, and users are checked for cameras and other recording equipment before they can use those terminals. This happens in regular businesses too with proprietary information, and the most important is still stored in the oldest fashion. A persons head.

Pretending that there aren't ways to be secure is silly. But anyone who's worked as an admin in the past, is one, or maintains links to the community, knows that most IT security is a joke right now and usually the first place where budget cuts land. It's even more of a joke in the gaming industry unless they have a very good reason to maintain secure databases.

You might have also noticed that all of these attacks so far(can't say on biowares yet since I haven't looked into it), have all been via either known, or knowable breech points. And then there are the newbie 2000 mistakes, like plaintext pass tables, single hashing, no salting, open and unsanitized database inputs and the like.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
19. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 16:58 Verno
 
You don't seem to apply this stoic objectivity to other topics but whatever. The huge rash of these things hitting the gaming industry specifically doesn't really lead me to believe they are taking adequate precautions. You're to make your own conclusions (or not).  
Avatar 51617
 
Playing: Dragon Age Inquisition, Far Cry 4, This War of Mine
Watching: The Walking Dead, The Fall, As Above So Below
Reply Quote Edit Delete Report
 
18. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 16:52 Krovven
 
Cutter wrote on Jun 24, 2011, 16:12:
And when was the last time they had a security audit, if ever, Krowen? [sic]

You tell me seeing as you seem to be claiming you know...oh wait that's right you don't have a fucking clue. In Sony's case, if it was an internal staff member involved, then a security audit wouldnt necessarily out the problem if that person knows its coming. Drug tests aren't the be-all end-all for stopping doping in sports...what makes you think that would stop any security holes?

Banks have security audits...they still get robbed in broad daylight, despite security guards, alarms, camera, etc.

All these asshole companies cut expenses on essentials like security simply to pad the bottom line.

Ridiculous ignorant un-objective general statements like this is exactly what I've been referring to. While this may apply to some, certainly not all.

I think it's time for the gubment to step in and start setting some standards here.

Right...cus that has worked out so well for so many other industries in the past.

You think government(s) don't struggle with the same internet security issues game companies do? Do you think government networks with very private and sensitive information (far more-so that your password to a game site) have never been hacked? If you think that, you are very very naive.

 
Reply Quote Edit Delete Report
 
17. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 16:12 Cutter
 
And when was the last time they had a security audit, if ever, Krowen? All these asshole companies cut expenses on essentials like security simply to pad the bottom line. I think it's time for the gubment to step in and start setting some standards here. If private enterprise won't do it on their own, they should be made to do it.
 
Avatar 25394
 
"Bye weeks? Bronko Nagurski didn't get no bye weeks, and now he's deadů Well, maybe they're a good thing." - Moe
Reply Quote Edit Delete Report
 
16. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 15:31 Krovven
 
Verno wrote on Jun 24, 2011, 14:19:
but you're operating under the assumption that every precautionary measure was taken.

No, no I'm not. I'm quite objective about the whole thing. I'm just not as quick to place ALL the blame onto company X and talk shit about them when I don't know what had or had not been done. As I've said before, all the security in the world is not going to prevent something from happening if the person/group has the determination and resources behind them to do it.

A companies online security could be locked up tight, until someone (knowingly or unknowingly) plugs in a flash drive with a trojan on in it. It could have started as a phishing attack on an individual at home that leads to getting into the company network. A stolen laptop, iphone, ipad, a mole at a security firm...etc, etc.

The flip side, the IT employee(s) could be way in over their head and have holes open all over the place, unknown to the company as a whole. Or the company could just be winging it and have basic software protection.

I'm inclined to believe there is a whole lot of grey area, with many difference circumstance in each case. Objectivity and rational thought, is not something a lot of people on these forums are known for.

So I say something about it in hopes that people might think a little before continuing to post "X company has fucking shit security" every time there is another security breach.

For example it's recently come out that Sony laid off of several SOE employees including the NOC staff responsible for maintaining network security.

Forgot to touch on this...for all we know it was an inside job, disgruntled employee, etc. But they didn't have any concrete evidence against any one person, so they released everyone. This would have been out of Sony's control if it was an internal culprit.

With that said, maybe those people were let go due to no fault of their own as the tools Sony provided them were not up to the task of properly securing their network.

This comment was edited on Jun 24, 2011, 16:18.
 
Reply Quote Edit Delete Report
 
15. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 14:19 Verno
 
Blaming any individual of single company for their security is ignorance to the greater problem.

Not really a fair generalization, it doesn't seem like the industry in general has been taking information security very seriously. Obviously the recent trends will change that but you're operating under the assumption that every precautionary measure was taken. For example it's recently come out that Sony laid off of several SOE employees including the NOC staff responsible for maintaining network security. Whether that is directly the cause of the intrusion, it speaks to a larger problem where IT is viewed as a loss center to many companies. Gaming is a burgeoning industry and unfortunately that same short term profit attitude applies to many executives in the industry as well. That's without going into the fact that proper security measures don't rely on single points of failure.

Thankfully the past month has been a windfall of security related announcements so the industry has learned the hard way that these things erode consumer confidence and cost you money.

So you got the email stating they had been compromised, and instead of just changing your password, you are bitching about yours not being reset for some reason? Just change the password.

He doesn't seem to be bitching so much as simply stating a frustration. The standard procedure is to force the user to change their password but many companies login systems aren't advanced to facilitate this without old login information(using address/etc for verification).
 
Avatar 51617
 
Playing: Dragon Age Inquisition, Far Cry 4, This War of Mine
Watching: The Walking Dead, The Fall, As Above So Below
Reply Quote Edit Delete Report
 
14. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 14:08 tron
 
"We take the security of your information very seriously"
b.s.
if they did, all the hackers would gain would be encrypted files that would be useless to them
 
- tron -
---
"tron is big and tron is full of action... it's a hell of a ride!"
-from the Tron 2.0 box
Reply Quote Edit Delete Report
 
13. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 13:58 Krovven
 
GeneralAdmission wrote on Jun 24, 2011, 13:29:
Got the email last night as well. Ignored the link, went to the EA site, and (somewhat)surprisingly my old password worked. Still works this morning. So were passwords actually reset, as specified in the email, or am I just special?

EA Online, EA Account, EA Master ID, EA Store, now EA Origin...this company just can't figure out what they want to do. Now the icing on such frustration is the knowledge that they aren't exactly triple-A when it comes to security.

So you got the email stating they had been compromised, and instead of just changing your password, you are bitching about yours not being reset for some reason? Just change the password.

As for the logins, It's all under the same umbrella now. So for those that didn't know they had a Bioware account and received the email...you will want to change the password. This is the same user/pass you use for anything EA.

As for security...incase you've been living under a rock, there have been about a dozen attacks on various companies lately, probably plenty more that have gone undetected or unreported. There are obvious known security issues in the software that hackers are making use of to do the rounds on all these companies. Blaming any individual of single company for their security is ignorance to the greater problem.

 
Reply Quote Edit Delete Report
 
12. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 13:47 Acleacius
 
Got one. Yeah, it's frustrating how they are handling it. Rift does seem to have a pretty good system going in this regard, as many have mentioned before. Hopefully it will catch on with other Devs/Pubs.  
The people can always be brought to the bidding of the leaders.That is easy.All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger.It works the same way in any country.
Reply Quote Edit Delete Report
 
11. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 13:40 Darks
 
My password was reset, I tried Darkspore this morning just to see if it was legit. I was unable to login until I reset mine.  
Avatar 20498
 
Creator of the Neverwnter Nights Eye of the Beholder Series of Mods.

http://www.moddb.com/mods/eye-of-the-beholder-ii-ledgend-of-darkmoon
Reply Quote Edit Delete Report
 
10. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 13:40 Nomaar
 
The problem with all these hacking incidents is that I don't even remember the login/password information I used to create most of these gaming accounts. Some of them date from years ago.  
Avatar 15475
 
Reply Quote Edit Delete Report
 
9. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 13:29 GeneralAdmission
 
Got the email last night as well. Ignored the link, went to the EA site, and (somewhat)surprisingly my old password worked. Still works this morning. So were passwords actually reset, as specified in the email, or am I just special?

EA Online, EA Account, EA Master ID, EA Store, now EA Origin...this company just can't figure out what they want to do. Now the icing on such frustration is the knowledge that they aren't exactly triple-A when it comes to security.
 
Reply Quote Edit Delete Report
 
8. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 13:01 SpectralMeat
 
Frijoles wrote on Jun 24, 2011, 12:44:
info is all bogus anyway.
That is pretty much the way to go from now on with all these registrations everywhere. Can not trust/rely on any of these sites/services to keep your private info safe it seems.
 
Avatar 14225
 
Steam: SpectralMeat
Reply Quote Edit Delete Report
 
7. Re: Neverwinter Forum Hacking Apology Jun 24, 2011, 12:44 Frijoles
 
Meh, I ignored the email. I didn't even know I had an account. And if it was for their forums, then the info is all bogus anyway.  
Avatar 6700
 
Reply Quote Edit Delete Report
 
26 Replies. 2 pages. Viewing page 1.
< Newer [ 1 2 ] Older >


footer

Blue's News logo