Personal data stolen from Eidos, Deus Ex websites
UPDATE: 350 résumés may have been accessed, 25,000 email addresses
The websites for Deus Ex: Human Revolution and publisher Eidos have been hacked, with user information and unidentified source code stolen.
Although currently both websites appear unaffected, website KrebsOnSecurity claims that 9,000 résumé were stolen and the personal information of approximately 80,000 registered users of the website.
Logs taken from the alleged hackers' chatroom show discussion of leaking "src", likely shorthand for source code. This is unlikely to refer to Deus Ex or any other game though, but instead the website itself. The hackers also discuss leaking the user information itself.
The hackers appear to be a splinter group from hacktivist collective Anonymous, which is reported to be undergoing internal strife - with members now regularly targeting each other.
UPDATE: According to a statement reprinted on our sister site Eurogamer.net, Eidos has confirmed that 350 resumes "may have been accessed" and up to 25,000 email addresses were obtained as a result of the breach, but no "dissemination or misappropriation of any other personal information has been identified at this point."
The full statement follows:
"Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites.
"We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.
"Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio.
"Regrettably up to 350 of these résumés may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation.
"In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.
"No dissemination or misappropriation of any other personal information has been identified at this point.
"We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident."