Final Fantasy maker Square Enix hacked
- 13 May 2011
- From the section Technology
Hackers have broken into two websites belonging to Japanese video games maker Square Enix.
The company confirmed that the e-mail addresses of up to 25,000 customers who had registered for product updates may have been stolen as a result.
Resumes of 350 people applying for jobs in its Canadian office could also have been copied from the web servers.
Square Enix, which makes the popular Final Fantasy, Deus Ex and Tomb Raider games, apologised for the breach.
In a statement, it said: "Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites.
"We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again."
Graham Cluley, a consultant at security firm Sophos, warned that both leaks could cause problems for the individuals concerned.
"With the e-mail there is a danger that gamers could be e-mailed by someone pretending to be from the company who gets them to click on a link or run some malicious software," he told BBC News.
"The resumes are a blueprint for identity theft. They have everything that scammers want. The only thing missing is credit card information."
Mr Cluley pointed out that there was also the potential for huge embarrassment as it was unlikely those who had applied for jobs would want their current employers to know.
Square Enix said there was no evidence that the information had been distributed.
It also emphasised that the company does not hold customers' credit card data on its web servers.
Shortly after the attack, both websites displayed the message "Owned by Chippy1337", as well as several other known hacker names, including Xero, XiX and Venuism.
However, it appears that some or all of those names may have been misappropriated by the real attackers.
Logs of Internet Relay Chat (IRC) conversations have appeared on the online, which appear to show the perpetrators discussing the hack as they carried it out.
In one section, the individuals taking part wrote: "We put it in the name of chippy1337 and write the names ryan, dfs, xero, nikon, xix, venuism and evilhom3r.
The same person then added the comment, "lol [laugh out loud]".
Security in the video games industry has been in the spotlight in recent weeks after the hacking attacks on Sony's PlayStation Network and SOE online multiplayer system.
The personal details of around 100 million users were stolen from the company's servers.
Investigations into the source of the data breach are continuing, with specialist computer forensic teams and the FBI getting involved.
The PlayStation Network remains offline, more than three weeks after the intrusion was discovered.