Eidos Websites Hacked

Along with the official website of the upcoming Deus Ex: Human Revolution. Fortunately, the game itself isn’t compromised, but the same cannot be said for the users that have registered at Eidosmontreal.com and two other product websites, which Square-Enix has declined to mention:

“Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again. Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation. In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates. No dissemination or misappropriation of any other personal information has been identified at this point. We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident.”

I have noticed however, that Hitman’s website appears to be compromised as well, so heads up on that one.

As you can see from the picture at the top, the hackers have listed their credentials on the website. Though, according to Venuism in an interview with Eurogamer, the hack was an apparent set up for his group and the real culprits remain in the shadows:

“We are being blamed/framed because we share a history with some of the people responsible for this hack, the main perpetrator “ev0” aka “xyz” has a vendetta against us over this history. The reasoning behind it was most likely that he thinks we will get into trouble with authorities.

He also goes on to state that one of his friends actually warned Eidos beforehand of an imminent attack, but was rebuffed. Venuism ends by reaffirming that the attack was meant to frame them and that these are not their methods:

“[We] do not want to hurt people around the internet. That’s not our style. We are not ‘whitehats’, but we will not scam you, steal credit cards and do dirty stuff with them.”

You can see a sample of the chat logs at Krebsonsecurity below.