Anonymous members are now being accused of tagging websites owned by European game developer Eidos Interactive with virtual graffiti and snatching user info from the company’s database.
Security news site KrebsOnSecurity posted the news that three sites affiliated with Eidos Interactive were targeted: Eidos.com, deusex.com and the upcoming game’s official forum. In addition, it claims to have found chat logs from the hackers involved in the attack.
“Ryan,” who made headlines this week for hitting AnonOps with DDoS attacks in the midst of an apparent takeover, was implicated in the Eidos breach thanks to an obvious calling card posted on one of the compromised sites. However, he may not have had anything to do with it.
Krebs uncovered a conversation between who seem to be the true masterminds behind the attack (and may not even be Anonymous members themselves) discussing just what to do with their handiwork.
“I vote for defacing this right now,” wrote one.
“We can put Ryan’s dox (personal information — ed.),” suggested the other.
Before settling on this course of action, one of the hackers broached a more insidious idea: uploading a virus to Eidos’ home page. “There[sic] security will be responsible for like thousands of f*cked up computers,” he said.
Though the idea was quashed, the duo still made its mark.
Square-Enix, the Japan-based publishing giant who owns Eidos, have since issued a statement addressing the attack:
Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.
Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation. In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.
No dissemination or misappropriation of any other personal information has been identified at this point.
We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident.
The last few weeks have been complicated for internet hacker cabal Anonymous.
Following retaliatory DDoS attacks against Sony over its legal wrangling against George “GeoHot” Hotz and Alexander “graf_chokolo” Egorenkov and repeated denials it was involved in a large-scale cyber attack on the PlayStation Network that compromised the personal data of tens of millions of customers, the collective faced an uprising of sorts as one of its own unceremoniously took over two official AnonOps channels.
MyCE reached out to Square-Enix for further clarification on the attack. No reply was received by press time, but this article will be updated should one arrive.