Close
Are you sure? Are you sure you want to report this comment? I understand, report it. Cancel

Personal data stolen from Eidos, Deus Ex websites

Fri 13 May 2011 8:11am GMT / 4:11am EDT / 1:11am PDT
Online

UPDATE: 350 résumés may have been accessed, 25,000 email addresses

The websites for Deus Ex: Human Revolution and publisher Eidos have been hacked, with user information and unidentified source code stolen.

Although currently both websites appear unaffected, website KrebsOnSecurity claims that 9,000 résumé were stolen and the personal information of approximately 80,000 registered users of the website.

Logs taken from the alleged hackers' chatroom show discussion of leaking "src", likely shorthand for source code. This is unlikely to refer to Deus Ex or any other game though, but instead the website itself. The hackers also discuss leaking the user information itself.

The hackers appear to be a splinter group from hacktivist collective Anonymous, which is reported to be undergoing internal strife - with members now regularly targeting each other.

Both Sony and some members of Anonymous have implicated a splinter group in the security breach of PlayStation Network.

UPDATE: According to a statement reprinted on our sister site Eurogamer.net, Eidos has confirmed that 350 resumes "may have been accessed" and up to 25,000 email addresses were obtained as a result of the breach, but no "dissemination or misappropriation of any other personal information has been identified at this point."

The full statement follows:

"Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites.

"We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.

"Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio.

"Regrettably up to 350 of these résumés may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation.

"In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.

"No dissemination or misappropriation of any other personal information has been identified at this point.

"We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident."

18 Comments

James Prendergast
Research Chemist

730 410 0.6
I can see some justification (not that i necessarily agree with it) in some of the other hacks.... This one though? I just can't see any reason from any angle to do this.... other than, "Because we can!". Really crap.

Posted:2 years ago

#1

Stephen McCarthy
Studying Games Technology

205 0 0.0
how long untill steam is next?

Posted:2 years ago

#2

Dolly Palton
freelance artist

47 9 0.2
@Stephen: Any particular reason to think about steam more than any other day of the week?

Posted:2 years ago

#3

Stephen McCarthy
Studying Games Technology

205 0 0.0
well there hacks left and right going on, and lots of personal information there. And Valve did get hack before with a HL2 SC getting out before the game was done.

Edited 2 times. Last edit by Stephen McCarthy on 13th May 2011 10:10am

Posted:2 years ago

#4

gi biz
;,pgc.eu

341 51 0.1
I think there's something to learn for everyone from the recent events. The big question here is: WTH did they store 80k cvs??? Is that a collection, a trophy, a perversion...? Were they planning on hiring even just the half of those? This is common sense guys!

Posted:2 years ago

#5

Matthew Eakins
Technical Lead

47 7 0.1
@Michele You've never heard the line 'We will keep your resume on file and contact you when a position becomes available.'? Well, apparently they meant that literally :)

Posted:2 years ago

#6

Matthew Eakins
Technical Lead

47 7 0.1
Does anyone else think that Anonymous is the new internet boogyman now to be blamed for all of the internet ills? 'I've been hacked, it must be Anonymous!'.

Posted:2 years ago

#7

Josef Brett
Animator

296 0 0.0
Enough is enough surely? Can't these people just stop now. They're ruining it for everyone.

Posted:2 years ago

#8

Alan Pliskin

2 0 0.0
@Josef,
Hacking for security prevention / testing is good.
If Anon was actually helping finding these holes instead of exploiting them and stealing personal information, they would be on par with Wikileaks in terms of necessity.

Posted:2 years ago

#9

Bernard Desmons
Product Manager Online

1 0 0.0
@Michele 80K is the personal information, cv is 9K

Posted:2 years ago

#10

Andrzej Wroblewski
Computer Games Translator

86 43 0.5
Hint: Anonymous = Anyone. It was bound to happen at some point. When you go to a store to buy some food, nobody asks you for your name, address, etc. It's the personal data which enables corporations to effectively stop pursuing quality and fill the profit gap with targeted marketing. So, I guess hackers are just the voice of the people, saying:

"You've crossed the line... You can review your goals, and start treating customers better -- or we will review your data".

At least that's how I see this.

I've said it before, and I'll keep repeating it. This series of events shouldn't be viewed upon as a risk to the industry. It's a great CHANCE for some companies to put up a word, that they've heard the message, and they are going to make a revolutionary step towards quality (stop publishing games in pre-beta state, provide better localisation, review pricing policies, etc...). Those who do not comply and keep enforcing their corpo BS -- will simply go down in a few years. Hackers have perfect understanding of all the financial instruments, and know exactly where to hit, so that it'll hurt.

Edited 1 times. Last edit by Andrzej Wroblewski on 13th May 2011 5:24pm

Posted:2 years ago

#11

gi biz
;,pgc.eu

341 51 0.1
@Matthew: yeah, but I never thought they did it for real - honestly, who got called back 6 months later? (aside from agencies)

@Bernard: wops, my bad... 8k seems to fit the 6-months period more realistically, but it's still a big number and I wouldn't bother keeping all those informations if I knew I don't need the most of it.

Posted:2 years ago

#12

Kirill Yarovoy
Game designer / Narrative designer / Writer

41 5 0.1
I dont think tha apology is enough for people which personal information (including home phones and home and job addresses) was stolen. Every of those 350 applicants can sue Eidos and win few 1000 $ easy.

Posted:2 years ago

#13

Jamie Watson
Studying Bachelor of Games & Interactive Entertainment

179 0 0.0
this isnt good at all,

people shouldnt do this.

im just happy i didnt put my resume in the edios...

Posted:2 years ago

#14

Eugene Tan

2 0 0.0
Companies that can't keep your personal details secure should not be asking for it in the first place. Having resumes leaked is much more damaging than having your account detail/credit card detail stolen. You can create new account and cancel your credit cards if and when it gets stolen. But if your resume gets leaked, there is no way to repair the damage.

To be honest, there is no justification in the splinter group's attack this time around. However, the hacking did shed light on one thing: How easy it is to crack a company's website security. Makes you wonder how many other websites out there that stores your personal details are as easily hackable as this one.

Posted:2 years ago

#15

Michael Vandendriessche
Studying Computer Science

84 10 0.1
hacking seems to be a popular subject lately. I definitely disagree with the hackers' actions. At least we'll start seeing better security measures now.

Posted:2 years ago

#16

Florian Dhesse
Senior Game Design Manager

7 0 0.0
Eugene, you consider the resume too highly. Many professionals in plenty of industries have their resume on Linkedin, accessible to anyone. I really don't see where is the damage.
As for ppl being surprised that HR store resume... it's just common sense. I often interviewed candidates that I couldn't hire at the moment and requested their resume again few months later to HR.

Posted:2 years ago

#17

Alex Timlin
Senior Digital Consultant

1 0 0.0
@Andrzej I agree with your sentiments but totally don't understand your viewpoint.

You treat customers better by understanding them, in the case of Playstation that means trying to keep tens of millions of customers happy. Understanding tens of millions of customers means looking at DATA, analyzing trends and applying then to not just marketing but r&d.

Increasing the level of hacking with the sole aim to say, 'your data is not safe anywhere, with anyone at any time' is totally counterproductive in terms of your own goal - which is no doubt similar to some of the hacking community.

It's like punching an old man in the face to prove how frail the human body is

Posted:2 years ago

#18

Login or register to post

Take part in the GamesIndustry community

Register now