back to article BioWare latest hack victim

Electronic Arts, owner of BioWare, is asking users of the Neverwinter Nights forums to re-register on the site after hackers stole several thousand accounts. neverwinterscreenshot An email from BioWare GM and Electronic Arts veep Aaryn Flynn said no credit card or social security numbers had been pinched: "However, hackers …

COMMENTS

This topic is closed for new posts.
  1. liquidphantom
    Mushroom

    Please...

    somebody shoot these f**kers in the head! and then b*tch slap the companies for have such lax security.

  2. TheProf Silver badge
    FAIL

    Fail

    This article failed to mention Sony.

  3. b166er
    WTF?

    Utter fail

    liquidphantom, let me get this straight.

    On the one hand, you're saying 'b*tch slap' the companies for such lax security and on the other you're saying 'shoot the f**kers' who are 'b*tch slapping' the companies for such lax security?

    1. Thomas 4

      Seems like a reasonable policy to me

      Kill everyone involved in this sordid affair and start from the ground up.

      1. Marvin the Martian
        Paris Hilton

        ... Starting with the users.

        They either chose bad passwords or accepted lax security.

  4. Lennart Sorensen
    WTF?

    I wonder.

    I really hope they didn't mistake me legitimately logging into my account a few days ago (trying to download the latest patch to NWN which I was having trouble finding on my machine) with the idea of someone hacking the system.

    I just followed the link in an email from when I bought stuff from the old bioware store (which unfortunately isn't there anymore, so I can't redownload the add on modules I had bought some years ago. Oh well hopefully I can find them somewhere on one of my disks). Plenty of broken links on the old forum server unfortunately.

    Sure would be nice if they would keep all the patches around on their new support server, but apparently they don't care about older games they released anymore.

  5. trarch
    Flame

    FFS

    Please tell me they were using at least salted hashes.

    Why is it every one of these large companies are apparently hiring complete idiots? I just don't understand, this is such basic stuff. Is there something I'm missing?

    1. CD001

      Yes...

      The thing you are missing, in this case, is that the NWN forums are 10-year old legacy systems - probably some really old version of vBulletin or something that hasn't been patched in almost a decade (though to be fair, I can't be arsed to look).

  6. HiTechBrew.com
    Thumb Up

    What about the end users?

    What do we the end users need to do to secure our data, passwords, credentials etc?

    I can relate to both liquidphantom and b166er comments. I also had to laugh at b166er, because he's right. Which do you want.

    None the less, what do we do? We can point fingers all day but one of the weakest points in security is ourselves and our crappy security. Studies find most people use the same password for both serious web use like banking and for recreational web use. If you do, all it takes is one of these breaches to gain the keys needed to access all your accounts.

    Use complex pass phrases - Try the techniques near the end of this article for easy ways to create unique and strong pass phrases you can remember. http://wp.me/p1rE6R-4O

    I also recommend using LastPass for multiple reasons. First off, its free! One of the other big advantages is its ability to help you easily create and manage strong, unique passwords for as many web accounts and services as you may need. You can see a review here http://wp.me/p1rE6R-dO

    David

    1. Anonymous Coward
      FAIL

      Mr Natural sez. . .

      encryption don' mean shit . . . when the issue is man-in-the-BROWSER attacks. They even say in their own forums -- when forced to admit it -- that you should not use LastPass on an infected PC, that LastPass is not a security product, and that security is best left to the big players in that business.

      It is a convenience, and that has long proven to be inversely proportional as security. You are insane to trust your passwords to such a --- ah, screw it. Convenience trumps all.

  7. Anonymous Coward
    WTF?

    Storing passwords in the clear

    How long before we get some laws to make the storing of passwords in the clear (or encoded in such a way that they can be trivially recovered) illegal?

    They need to start assuming that any perimeter security is going to be breached, so make sure there's nothing valuable to steal.

    1. Trevor 3
      Unhappy

      Storing passwords in the clear

      Ok, I agree with you on clear text passwords, but for passwords that can be trivially recovered?

      What is securely encrypted today, is tomorrows trivially encrypted stuff. All it takes is time and power, and they are both growing exponentially to the home user.

      And who would decide how securely encrypted something is....MPs? Don't make me laugh.

      1. Anonymous Coward
        Anonymous Coward

        Re: Storing passwords in the clear

        Trevor 3, "What is securely encrypted today, is tomorrows trivially encrypted stuff"

        But it was you that assumed I said "encrypted".

        ENcrypted implies they can be DEcrypted, which would be bad. That's why (properly salted etc) hashes are a much better strategy for password comparison. Please read what I write before going off on one.

        And if there's no way to 'draw the line' at what's 'good enough', simply add transparency, so mandate that beside every password box there's a link to info about how it's stored - and let the market decide.

        1. Trevor 3
          Pint

          terribly sorry

          You said ENcoded. Which also suggests they can be DEcoded. Pedant.

          Also wasn't getting at you directly (you are anon after all how could I?) I was just making the point that anything man can code, encrypt and lock, man can decode, decrypt and unlock. It's just a matter of time, no matter how salty you make it.

          As for your mandate idea...are you suggesting that there are no rules? Just customer feedback?

          Don't you think that users will go for shiny and usability instead of security?

          I've got you a beer. this story is old anyway... :-)

  8. Anonymous Coward
    Facepalm

    Another day, another significant hack.....

    I dont know whether to get depressed or start buying IT security company stocks.....

  9. Anonymoose
    Trollface

    Since it's Bioware..

    "GO FOR THE IIS, BOO!"

    1. MrDamage
      Meh

      Since Bioware is now owned by EA

      "A den of stinking evil, cover your nose Boo"

      But I plan to leave their crevices untouched.

  10. Kevin Johnston
    Unhappy

    Legacy accounts

    Well, even though I had an account with the old NWN site, I can be fairly sure I'm safe as when they setup the new stuff my account was supposed to be migrated but got thoroughly trashed.

    Of course, knowing my luck it would work perfectly for hackers.....mutter mutter mutter

  11. b166er
    Boffin

    Solution?

    Make any site requiring registration, clearly state how they store your details. Then you can either decline to register or sue the bastards when you find out they lied. Simples

  12. Adrian Esdaile
    Flame

    no, not credit card details, but...

    they WILL have got the serial numbers for games we registered there - at Bioware's demand.

    So now our serial numbers are out in the wild on warez sites as valid serials, we get banned from online servers, we paid for their games, now we can't use or install them. Thanks.

    Hey Bioware.... I vowed to never buy Sony again after their cockup, guess who just joined the list?

  13. DragonKin37
    FAIL

    If u read my post on LulzSec's attack on EVE online

    This is what I posted last night:

    What gaming company will be Lulzsecs next target.

    A - Blizzard/Activison

    B - Vaulve

    C- EA

    D - Bungie

    Make your selctions at anytime!

    So it was C!...

    1. serviceWithASmile
      Trollface

      if u read my post...

      shameless pearoast.

      Having EA as a choice is a bit of a cop-out, considering they own a good 20 or so game companies, many of which the size of bungie.

      and this *was* an old legacy forum thing rather than ea as a whole.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022