Saturday, May 14, 2011

Eidos And Deus Ex Websites Attacked By Hackers -- Square Enix Confirms Data Breach


The websites for Eidos and Deus Ex: Human Revolution have been attacked by hackers. Square Enix has now confirmed the attack and that personal data has been compromised.
“Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again,” Square Enix said in a statement to VG247.
The statement continued detailing the type of data that was compromised. 25,000 email addresses and resumes from Eidos employees were accessed.  However Square Enix denies that any credit card data was taken.
“Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation.”
Sqaure Enix made no indication they knew who was responsible for the attack but according to KrebsOnSecurity the hackers may be part of  a "splinter cell of the hacktivist group Anonymous." They managed to access chatlogs from the hackers indicating they had stolen personal information from 80,000 Deus Ex users with intent to "release the data on file-sharing networks." The hackers claim to have accessed 9,000 resumes from Eidos although Sqaure Enix stated the number of resumes accessed was 350. The hackers claim to be leaking "src" which some believe means source code for Eidos' games websites.
From KrebsOnSecurity.com

"For several hours early Thursday morning, the Deus Ex Web site, user forum, and Eidos.com were unreachable. For a brief period late Wednesday evening, the sites displayed a defacement banner that read “Owned by Chippy1337", along with several names and hacker handles of those supposedly responsible for the break-in.
KrebsOnSecurity.com obtained an archived copy of the attackers’ online chatter as they were covering their tracks from compromising the sites. A hacker using the alias “ev0" discusses having defaced the sites and downloading some 9,000 resumes from Eidos. ev0 and other hackers discuss leaking “src,” which may refer to source code for Deus Ex or other Eidos games. In a separate conversation, the hackers also say they have stolen information on at least 80,000 Deus Ex users and that they plan to release the data on file-sharing networks.
Neither Eidos nor its parent company Square Enix Co. could be immediately reached for comment. (This may not be the first time Eidos was breached: In a story I wrote earlier this year, I detailed how hackers on an underground criminal forum claimed to be selling access to Eidos’ customer database)."
As of now we do not know who was responsible nor what their motive was.

No comments:

Post a Comment