Final Fantasy maker Square Enix hacked

  • Published
Deus Ex Human Revolution image
Image caption,

The Deus Ex website was one of those hit. Hackers may have stolen users' e-mail addresses.

Hackers have broken into two websites belonging to Japanese video games maker Square Enix.

The company confirmed that the e-mail addresses of up to 25,000 customers who had registered for product updates may have been stolen as a result.

Resumes of 350 people applying for jobs in its Canadian office could also have been copied from the web servers.

Square Enix, which makes the popular Final Fantasy, Deus Ex and Tomb Raider games, apologised for the breach.

In a statement, it said: "Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites.

"We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again."

It is understood that the websites affected were Eidosmontreal.com, external, run by Square Enix's subsidiary Eidos, and Deusex.com, external, a promotional site for the forthcoming game, Deus Ex: Human Revolution.

Scammer's dream

Graham Cluley, a consultant at security firm Sophos, warned that both leaks could cause problems for the individuals concerned.

"With the e-mail there is a danger that gamers could be e-mailed by someone pretending to be from the company who gets them to click on a link or run some malicious software," he told BBC News.

"The resumes are a blueprint for identity theft. They have everything that scammers want. The only thing missing is credit card information."

Mr Cluley pointed out that there was also the potential for huge embarrassment as it was unlikely those who had applied for jobs would want their current employers to know.

Square Enix said there was no evidence that the information had been distributed.

It also emphasised that the company does not hold customers' credit card data on its web servers.

Mr Chippy

Shortly after the attack, both websites displayed the message "Owned by Chippy1337", as well as several other known hacker names, including Xero, XiX and Venuism.

However, it appears that some or all of those names may have been misappropriated by the real attackers.

Image caption,

Tomb Raider maker Eidos owned one of the hacked sites. The company is owned by Square Enix

Logs of Internet Relay Chat (IRC) conversations have appeared on the online, which appear to show the perpetrators discussing the hack as they carried it out.

In one section, the individuals taking part wrote: "We put it in the name of chippy1337 and write the names ryan, dfs, xero, nikon, xix, venuism and evilhom3r.

The same person then added the comment, "lol [laugh out loud]".

Security in the video games industry has been in the spotlight in recent weeks after the hacking attacks on Sony's PlayStation Network and SOE online multiplayer system.

The personal details of around 100 million users were stolen from the company's servers.

Investigations into the source of the data breach are continuing, with specialist computer forensic teams and the FBI getting involved.

The PlayStation Network remains offline, more than three weeks after the intrusion was discovered.

Related internet links

The BBC is not responsible for the content of external sites.