Coming on the heels of one of the largest thefts of personal identification information from the Sony PlayStation Network, hackers have once again hit the gaming community. On this past Wednesday, the websites for Deus Ex: Human Revolution and Eidos Interactive were both defaced by a group claiming to be part of Anonymous. With the conspiracy themes that drive Deus Ex, one could have mistakenly believed that a viral marketing campaign may have been afoot. The alleged theft of 9,000 resumes from Eidos Interactive and information for at least 80,000 Deus Ex registrants unfortunately proves otherwise. Also, the marketing department at Eidos Montreal probably would have gone for something a little more creative than what actually appeared on the site:
After the above defacement appeared, the DX:HR Web site, user forum, and Eidos.com went down for a few hours on Thursday morning. According to Brian Krebs of KrebsOnSecurity.com, the hackers discussed, via Internet Relay Channels previously run by hacktivist group Anonymous, releasing the poached information on file-sharing networks.
According to the IRC logs, which you can read in full here, the individuals listed on the defacement page apparently were being set up by other hackers. Whatever the intent, it is a small comfort to those who may have lost their personal information. Today, Square Enix, the parent company of Eidos Montreal, issued the following statement regarding the scope of the security intrusion:
Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.
Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation. In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.
No dissemination or misappropriation of any other personal information has been identified at this point.
We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident.
If Square Enix is correct, then hopefully those users who have been affected will only have to deal with more spam in the upcoming months. Still, the increase in successful security intrusions is becoming a larger concern for the gaming community as these attacks are likely to continue until some of the culprits are prosecuted.
Will these recent attacks make you think twice about providing your personal or financial information to gaming companies?