Sections

Personal data stolen from Eidos, Deus Ex websites

UPDATE: 350 résumés may have been accessed, 25,000 email addresses

The websites for Deus Ex: Human Revolution and publisher Eidos have been hacked, with user information and unidentified source code stolen.

Although currently both websites appear unaffected, website KrebsOnSecurity claims that 9,000 résumé were stolen and the personal information of approximately 80,000 registered users of the website.

Logs taken from the alleged hackers' chatroom show discussion of leaking "src", likely shorthand for source code. This is unlikely to refer to Deus Ex or any other game though, but instead the website itself. The hackers also discuss leaking the user information itself.

The hackers appear to be a splinter group from hacktivist collective Anonymous, which is reported to be undergoing internal strife - with members now regularly targeting each other.

Both Sony and some members of Anonymous have implicated a splinter group in the security breach of PlayStation Network.

UPDATE: According to a statement reprinted on our sister site Eurogamer.net, Eidos has confirmed that 350 resumes "may have been accessed" and up to 25,000 email addresses were obtained as a result of the breach, but no "dissemination or misappropriation of any other personal information has been identified at this point."

The full statement follows:

"Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites.

"We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.

"Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio.

"Regrettably up to 350 of these résumés may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation.

"In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.

"No dissemination or misappropriation of any other personal information has been identified at this point.

"We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident."

Related stories

Ian Livingstone awarded CBE

"I'm unbelievably happy, proud and delighted"

By Rachel Weber

Broadband speed holding industry back, says Eidos head

Ian Livingstone says latency, download times hampering transition to games-as-a-service

By Brendan Sinclair

Latest comments (17)

James Prendergast Research Chemist 5 years ago
I can see some justification (not that i necessarily agree with it) in some of the other hacks.... This one though? I just can't see any reason from any angle to do this.... other than, "Because we can!". Really crap.
0Sign inorRegisterto rate and reply
Stephen McCarthy Studying Games Technology, Kingston University5 years ago
how long untill steam is next?
0Sign inorRegisterto rate and reply
Stephen McCarthy Studying Games Technology, Kingston University5 years ago
well there hacks left and right going on, and lots of personal information there. And Valve did get hack before with a HL2 SC getting out before the game was done.

Edited 2 times. Last edit by Stephen McCarthy on 13th May 2011 10:10am

0Sign inorRegisterto rate and reply
Show all comments (17)
gi biz ;,pgc.eu 5 years ago
I think there's something to learn for everyone from the recent events. The big question here is: WTH did they store 80k cvs??? Is that a collection, a trophy, a perversion...? Were they planning on hiring even just the half of those? This is common sense guys!
0Sign inorRegisterto rate and reply
Matthew Eakins Technical Lead, HB-Studios5 years ago
@Michele You've never heard the line 'We will keep your resume on file and contact you when a position becomes available.'? Well, apparently they meant that literally :)
0Sign inorRegisterto rate and reply
Matthew Eakins Technical Lead, HB-Studios5 years ago
Does anyone else think that Anonymous is the new internet boogyman now to be blamed for all of the internet ills? 'I've been hacked, it must be Anonymous!'.
0Sign inorRegisterto rate and reply
Josef Brett Animator 5 years ago
Enough is enough surely? Can't these people just stop now. They're ruining it for everyone.

0Sign inorRegisterto rate and reply
Alan Pliskin5 years ago
@Josef,
Hacking for security prevention / testing is good.
If Anon was actually helping finding these holes instead of exploiting them and stealing personal information, they would be on par with Wikileaks in terms of necessity.
0Sign inorRegisterto rate and reply
Bernard Desmons Product Manager Online, Ubisoft Montreal5 years ago
@Michele 80K is the personal information, cv is 9K
0Sign inorRegisterto rate and reply
Andrzej Wroblewski Localization Generalist, Albion Localisations5 years ago
Hint: Anonymous = Anyone. It was bound to happen at some point. When you go to a store to buy some food, nobody asks you for your name, address, etc. It's the personal data which enables corporations to effectively stop pursuing quality and fill the profit gap with targeted marketing. So, I guess hackers are just the voice of the people, saying:

"You've crossed the line... You can review your goals, and start treating customers better -- or we will review your data".

At least that's how I see this.

I've said it before, and I'll keep repeating it. This series of events shouldn't be viewed upon as a risk to the industry. It's a great CHANCE for some companies to put up a word, that they've heard the message, and they are going to make a revolutionary step towards quality (stop publishing games in pre-beta state, provide better localisation, review pricing policies, etc...). Those who do not comply and keep enforcing their corpo BS -- will simply go down in a few years. Hackers have perfect understanding of all the financial instruments, and know exactly where to hit, so that it'll hurt.

Edited 1 times. Last edit by Andrzej Wroblewski on 13th May 2011 5:24pm

0Sign inorRegisterto rate and reply
gi biz ;,pgc.eu 5 years ago
@Matthew: yeah, but I never thought they did it for real - honestly, who got called back 6 months later? (aside from agencies)

@Bernard: wops, my bad... 8k seems to fit the 6-months period more realistically, but it's still a big number and I wouldn't bother keeping all those informations if I knew I don't need the most of it.
0Sign inorRegisterto rate and reply
Kirill Yarovoy Game designer / Narrative designer / Writer 5 years ago
I dont think tha apology is enough for people which personal information (including home phones and home and job addresses) was stolen. Every of those 350 applicants can sue Eidos and win few 1000 $ easy.
0Sign inorRegisterto rate and reply
Jamie Watson Studying Bachelor of Games & Interactive Entertainment, Queensland University of Technology5 years ago
this isnt good at all,

people shouldnt do this.

im just happy i didnt put my resume in the edios...
0Sign inorRegisterto rate and reply
Eugene Tan5 years ago
Companies that can't keep your personal details secure should not be asking for it in the first place. Having resumes leaked is much more damaging than having your account detail/credit card detail stolen. You can create new account and cancel your credit cards if and when it gets stolen. But if your resume gets leaked, there is no way to repair the damage.

To be honest, there is no justification in the splinter group's attack this time around. However, the hacking did shed light on one thing: How easy it is to crack a company's website security. Makes you wonder how many other websites out there that stores your personal details are as easily hackable as this one.
0Sign inorRegisterto rate and reply
Michael Vandendriessche Studying Computer Science, K.U. Leuven5 years ago
hacking seems to be a popular subject lately. I definitely disagree with the hackers' actions. At least we'll start seeing better security measures now.
0Sign inorRegisterto rate and reply
Florian Dhesse Creative Diretor, Kabam5 years ago
Eugene, you consider the resume too highly. Many professionals in plenty of industries have their resume on Linkedin, accessible to anyone. I really don't see where is the damage.
As for ppl being surprised that HR store resume... it's just common sense. I often interviewed candidates that I couldn't hire at the moment and requested their resume again few months later to HR.
0Sign inorRegisterto rate and reply
Alex Timlin Senior Digital Consultant, emarsys5 years ago
@Andrzej I agree with your sentiments but totally don't understand your viewpoint.

You treat customers better by understanding them, in the case of Playstation that means trying to keep tens of millions of customers happy. Understanding tens of millions of customers means looking at DATA, analyzing trends and applying then to not just marketing but r&d.

Increasing the level of hacking with the sole aim to say, 'your data is not safe anywhere, with anyone at any time' is totally counterproductive in terms of your own goal - which is no doubt similar to some of the hacking community.

It's like punching an old man in the face to prove how frail the human body is

0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.