EMails, Resumes Stolen in Eidos Website Hack
The official websites of both Eidos and Deus Ex were hacked earlier this week and Square Enix has now confirmed that, as a result, some user data has fallen into the hands of hackers.
Krebs on Security reported yesterday that the hacking might have been carried out by members of Anonymous, the same group that is allegedly responsible for last months PlayStation Network attack. Its unclear if either event was actually perpetrated by Anonymous, which is currently experiencing an internal war of sorts.
No matter who is to blame, the hacking resulted in the image above replacing the Deus Ex website. Claims of 80,000 Deus Ex users data being stolen along with 9,000 resumes from Eidos have been made; parent company Square Enix says its far less in reality.
There had also been a mention of stolen "src," thought by some to be referring to the source code for the upcoming Deus Ex: Human Revolution. Eurogamer reports that a source who claims to be involved with the group explained "src" was actually referring to the websites source code -- a much preferred scenario, given what happened when Half-Life 2s source code made it onto the Web. The source, going by the name Venuism, also said he and others tried to warn Eidos and that they are now "being blamed/framed because we share a history with some of the people responsible for this hack." He believes Gnosis is responsible for the Eidos hacking, the same group that hacked Gawker last year.
Square Enixs official statement on the matter says that as many as 25,000 e-mail address of users (which "are not linked to any additional personal information") were stolen along with up to 350 resumes submitted to Eidos. Thats terribly unfortunate as these are people just looking for a job. Square Enix says its "in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation."
The full statement follows below.
Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.
Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation. In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.
No dissemination or misappropriation of any other personal information has been identified at this point.
We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident.