Eidos and Deus Ex sites hacked, 80,000 users' data stolen
The Deus Ex site and Eidos.com were defaced and taken down yesterday when a splinter group of the hacker organisation Anonymous broke through Square Enix security to steal the personal data of more than 80,000 registered users.
According to IRC chat logs of the hackers' conversations unearthed by Krebs On Security, they plan to release the information on file sharing networks, and are recorded discussing whether to release the "src" as well. It's unclear whether they mean the website source code, or that of one of Eidos' games.
Visitors to DeusEx.com logging on to the site yesterday will have seen the above message, left by the hackers after the attack. According to the hackers' IRC chat logs, the names credited with the hack belong to a series of Anonymous members disliked by the real culprits, evo and @n. It's unclear whether the attack had a real purpose, but the outcome could have been worse than data theft, as his excerpt from the hacker chat suggests. Krebs On Security have the rest of the chat log here.
[16:07] evo: one thing that would be funny
[16:07] evo: i write a nasty virus
[16:07] evo: that will bsod on startup
[16:07] evo: fuck up all your drivers
[16:07] evo: delete tons of files
[16:07] evo: forkbom on start
[16:07] evo: etc
[16:08] evo: we put that in an exploit kit
[16:08] evo: on the main page
[16:08] evo: there security will be responsible
[16:08] evo: for like
[16:08] evo: thousands of fucked up computers
[16:08] evo: and it would make the news
Square Enix hasn't yet commented on the hack, which also saw 9,000 resumes stolen. The affected sites are now back up. If you are a registered user at Eidos.com or Deus Ex, it might be a good idea to change your passwords.
Anonymous have also been implicated by Sony in the recent attack on the Sony Online Entertainment and Playstation networks. The hacking group denied responsibility, but has suffered from infighting in the past few weeks. Anonymous veterans have told The Financial Times that it's likely that the attacks were committed by rogue members of the organisation.
“If you say you are Anonymous, and do something as Anonymous, then Anonymous did it,” one member told the FT, “Just because the rest of Anonymous might not agree with it, doesn’t mean Anonymous didn’t do it.”
The attack is another blow to Square Enix, who recently amended their financial reports in the aftermath of the Japan earthquake to reflect the "extraordinary loss" the company has suffered. The company made a loss of $148 million/£90.6 million in the last year, with sales down 35%.