Anonymous splinter group blamed for Eidos hack

An Anonymous splinter group is suspected of conducting a hack and extract attack against Eidos Interactive servers.

Indeed, the Deus Ex and Eidos web sites – along with the user forum – were down for at least several hours on Thursday morning. 

The pwned sites had previously displayed a banner that read “Owned by Chippy1337” and listed several names of those purportedly responsible for the digital infiltration.

Security analyst Brian Krebs – who claims to have obtained an archived copy of the attack chat log – says hackers discussed defacing the site, downloading 9,000 resumes, leaking game “src” code and stealing data on at least 80,000 Deus Ex users.

“The attack seems to have been engineered by a faction of the hacker collective that recently seized control over Internet relay chat (IRC) channels previously used by Anonymous to help plan and conduct other, high-profile attacks,” Krebs explained.

“According to several news sites which covered that coup, the Anonymous control networks were taken over by a 17-year-old hacker from the United Kingdom who uses the handle ‘Ryan.’ Also in the channel discussing the defacement and theft of the Deus Ex database are hackers ‘ev0,’ ‘nigg’ and ‘e,’ screen names of Anonymous sympathizers who have been connected with Ryan’s recent coup.”

Krebs also noted that the anonymous splinter appears to be breaking apart, “turning on each other and framing one another” for the Eidos attack.  

“In the defacement message left on, ev0 and nigg finger Ryan in the hack, even using his supposed real name (Ryan Cleary). 

“[In addition], Anonymous organizers angry over Ryan’s activities recently ‘doxed’ him – publishing documents including his full name, home address, phone number and Skype handle, among other details.”

Meanwhile, Square Enix has issued an official statement about the incident, which can be read in full below:

“Square Enix can confirm a group of hackers gained access to parts of our website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again. 

“ does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation.

“We have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates. No dissemination or misappropriation of any other personal information has been identified at this point. We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident.”