Resumes, Email Addresses Lost as Hackers Break Into Computer Game Giant

Jay Decenella, IT audit expert
May 14, 2011

More than 25,000 email addresses and 35 resumes have been stolen by a group of hackers that breached the security of computer game giant Eidos Interactive.

Security researchers observed that the hackers defaced its Web sites, including “Deus Ex: Human Revolution”, on Wednesday evening with a defacement banner that read “Owned by Chippy1337”.

The data breach comes hard on the heels of a major compromise of Sony earlier this month that affected its PlayStation Network, with at least 77 million records having been lost on top of the 24.5 million records related to Sony Online Entertainment users.

According to Steve Watts, co-founder of SecurEnvoy, which commissioned research on computer game companies in Europe, Sony’s reputation has been tattered following the significant decline in the price of card credentials due to the data breach.

The compromised data included names, addresses, email addresses, gender, birth dates, phone numbers, log-in names and hashed passwords, as well as 12,700 credit and debit cards with expiration dates belonging to non-US customers and 10,700 direct debit accounts belonging to users in Germany, Austria, the Netherlands and Spain.

Eidos parent company Square Enix confirmed the attack, saying it promptly took down the compromised sites to look closely into what had transpired and what had been accessed.

Square Enix assured customers that no credit card information or code data submitted by people interested in jobs at the studio was included in Eidosmontreal.com, one of the compromised Web sites.

The company added that the email addresses are not linked to any additional information other than that they were provided by users who opted to receive product updates.

Security researcher Brian Krebs claimed the attack on the computer game giant appeared to come from “a splinter cell of the hacktivist group Anonymous,” which was also blamed for the Sony data breach.

“For several hours early Thursday morning, the Deus Ex Web site, user forum, and Eidos.com were unreachable,” Krebs noted, adding that the sites displayed several names and hacker handles of those supposedly responsible for the break-in.

Krebs was able to obtain an archived copy of the attackers’ online chatter as they covered their tracks after compromising the sites.

“A hacker using the alias ‘ev0’ discusses having defaced the sites and downloading some 9,000 resumes from Eidos. ev0 and other hackers discuss leaking ‘src’, which may refer to source code for Deus Ex or other Eidos games,” he said.

“In a separate conversation, the hackers also say they have stolen information on at least 80,000 Deus Ex users and that they plan to release the data on file-sharing networks,” Krebs added.

According to Krebs, it was possible that the attack had been “engineered by a faction of the hacker collective that recently seized control over Internet relay chat (IRC) channels previously used by Anonymous to help plan and conduct other high-profile attacks.”

The Anonymous control networks were taken over by a 17-year-old hacker from the United Kingdom who uses the handle “Ryan”, Krebs noted.

On the other hand, Graham Cluley, Sophos technology consultant, warned that “if your email address is one of the 25,000 that has been stolen, you could receive a scam email (perhaps containing a malicious link or attached Trojan horse) that pretends to come from a video game company.”

Cluley also described the stolen resumes as a “god-send to identity thieves interested in defrauding internet users.”

The computer game giant said in a statement that it takes the security of its Web sites “extremely seriously,” adding that it employs strict measures, which it tests regularly “to guard against this sort of incident.”

 
