Wednesday evening the Eidos Montreal and Deus Ex websites were infiltrated and defaced by a splinter cell of the "hacktivist" group Anonymous. The sites were replaced by a defacement banner reading "Owned By Chippy 1337" and signed by the four hackers supposedly responsible for the break-in. By Thursday morning, Eidos web administrators yanked the sites offline and began a full investigation.
Apparently the banners were just the icing on the cake.
Chat logs obtained by KrebsOnSecurity.com reveal that the hackers possibly stole source code of several Eidos titles (including the new Deus Ex), around 9,000 resumes, and the personal info of at least 80,000 users registered with the Deus Ex website. These chat logs were reportedly left behind by the hackers while covering their tracks, and includes messages from "ev0," "nigg" and "e" who are affiliated with the hacker named "Ryan" (or Blackhatcat") that took over the IRC channels once used by the Anonymous faction.
Based on the conversation, these three broke away from Ryan's splinter cell, hacked into the Eidos websites, retrieved the source code and user database, and is now framing Ryan with the deed. There are also threats that the solen information will be released online for other malicious hackers to use and enjoy.
For now, there's no apparent reason why this splinter of a splinter is revolting other than it may have something to do with Anonymous' disapproval of Ryan's recent activities and thus have "doxed" him. For the uninitiated, "doxing" means publishing documents online including someone's full name, home address, phone number and Skype handle and other details. Ryan's full name was even used on the banners splashed across the Eidos websites, as seen here.
"ev0 and nigg got the 0day they used to break in [to Eidos.com] from one guy, then got Blackhatcat to execute it and then screwed everyone, stole the database," said an observer who asked to remained nameless. "This is how those guys roll: One day they work together, the next they war. They drop dox on each other like it’s a game. Just like they did pinning the defacement of Dues Ex on Blackhatcat. Then denied the whole thing. Its psychotic behavior like I have never seen. Its like they hate each other but will work together on certain ops if it suits them, but then might turn on each other in the end…and then laugh it off.”
Meanwhile, Eidos released an official statement regarding the breach, confirming that hackers gained access to part of Eidosmontral.com and two product sites. "We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again," the company said.
While the Eidos database doesn't contain credit card information, the company claims that the hackers gained access to up to 350 resumes that have been submitted to the company. Up to 25,000 email addresses were also obtained, but are not linked to any additional personal information, as they were submitted by users to receive product information updates.
"No dissemination or misappropriation of any other personal information has been identified at this point," the company said. "We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident."