Eidos and Deus Ex websites hacked, resumes and site registration emails obtained [update]
This past Wednesday, hackers reportedly broke into the Eidos and Deus Ex: Human Revolution websites, erecting an "Owned by Chippy1337" banner and signing some names and aliases below (a possible red herring). In IRC chat logs, obtained by former Washington Post reporter Brian Krebs, the hackers also claim to have stolen the personal data of "at least" 80,000 users. So, first things first: If you've registered on an Eidos site or with the Deus Ex site, now's the time to change your password (we should all be used to this by now).
Eurogamer has spoken with "Venuism," one of the hackers implicated in the theft, who clarified that the "src" (source code) the hackers allegedly obtained pertains to the Deus Ex website and not the actual game. As of this writing, the Deus Ex website still isn't back to normal, while Eidos.com, which was also apparently compromised, appears fine now. (Venuism maintains that he and the others listed below the banner have been set up by a rival group.)
Most troubling, Venuism suggested that the stolen user data -- the extent of which is unclear -- had already been leaked. We've contacted Eidos parent company Square Enix for an official comment on the situation.
Update: Square Enix has confirmed that Eidosmontreal.com and two of its product sites were compromised. The company states that 350 job applicant resumes "may have been accessed" and those individuals are being contacted. Furthermore, 25,000 email addresses, which were "not linked to any additional personal information" were obtained. Read the full Square Enix statement after the break.
Square Enix statement:
"Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again. Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation. In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates. No dissemination or misappropriation of any other personal information has been identified at this point. We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident."
