Look At You, Hackers: The Deus Ex Data Theft

Hackers don't look like this.

Oh dear. Internet rotters have done it again, this time turning their attentions to the official website for Deus Ex: Human Revolution and for developer Eidos Montreal. But their hacking is not yer common-or-garden Denial of Service attack or painting pink moustaches on pictures of Adam Jensen – it’s stealing the personal data of some 80,000 registered users. Thanks so much, hackers.

The sites were also temporarily defaced to display the above message of willy-waving, reports KrebsOnSecurity, but everything’s superficially back to normal now. Reportedly, the damage was done by a subset of the infamous Anonymous hacker collective, who some believe were responsible for the increasingly ludicrous PSN outage/security terror (though they themselves claim they weren’t).

Clearly, if you used any login info for the DX3 or Eidos sites that you use for any other services, you should go sort out some new passwords and whatnot now, to be sure some cracker doesn’t start reading your Gmail or ordering the most expensive onions on Amazon Groceries. The exact scale of the problem and consequences are not entirely known as yet, as Eidos/Square is keeping shtum. It could have been a whole lot worse, however, if these chatroom logs (again, via KrebsOnSecurity) from the group who may have been responsible suggest:

[16:07] one thing that would be funny
i write a nasty virus
that will bsod on startup
fuck up all your drivers
delete tons of files
forkbom on start
we put that in an exploit kit
on the main page
there security will be responsible
for like
thousands of fucked up computers
and it would make the news

“One thing that would be funny.” Yes, wouldn’t it. Good grief.

Why these chaps did what they did isn’t entirely understood either – it could have been simply for the lols, but the chatroom logs bear some mention of ‘src’, which could be either in reference to the website’s source code or to the game’s source code. Sounds to me like their main interest was simply in sowing havoc, though.


  1. ZenArcade says:


  2. Darkelp says:

    I may just quit the internet. Seond time my information has been compromised in a month, Atleast I don’t have to cancel my debit card this time.
    What could they possibly gain from this action, other then coming across as childish idiots?

    Edit – Actually I never had a login for Eidos, but still, damn annoying.

    • Theory says:

      Attention they don’t receive in their real lives.

      Making newsposts that relay names, quotes etc. like this one does is exactly what they want, and encourages more of the same.

    • godgoo says:


    • Pyrosity says:

      Never use the same passwords for things that matter (any kind of bank or email info, steam, etc) as things that don’t (most websites).

      Things that matter generally have good security for this stuff, other websites…. well, there are plenty of examples of leaked information.

    • Bingo Bango says:

      @Pyrosity Steamguard negates password theft since it ties to specific computers

      Still, this is ridiculous…

    • Thermal Ions says:

      Except if you’re using the same password across multiple sites/services like your email and Steam then (a) they’ll be able to obtain the unlock code to run Steam on other hardware, and (b) you’re an idiot.

  3. Jetsetlemming says:

    Script kiddies ugh. Grats on downloading something that makes you feel like an e-man, now fuck off the internet forever.

    • BunnyPuncher says:

      They dont sound like “script kiddies”.

    • DMStern says:

      How about directing some of that anger towards the companies that insist on collecting all our information but can’t ever seem to keep it safe.

    • icupnimpn2 says:

      No. How about directing anger to the people that willfully perpetrate the crime. As much as the hacker kid says, “there security will be responsible,” you know what dude… you’re responsible. Their security didn’t make you try to break in.

      It’s like blaming the victim of a rape. Yeah, maybe they could have taken more precautions. Maybe they shouldn’t have shown so much cleavage, or been in that part of town at night. But it’s the rapist’s fault, no matter how much “they were askin’ for it.”

    • Xercies says:

      Because clearly hacking and rape are two crimes that are the same!

      Lets put our anger on both to be honest, the company for not making it that secure, and the hackers that seem to do this for fun

    • jalf says:

      Because clearly hacking and rape are two crimes that are the same!

      Yes! And so is piracy, of course!

    • jalf says:

      @icupnimpn2: “rape victim”? Eidos isn’t the victim here. The people whose account informatino (possibly) got leaked are.

      And sure, those who hacked the site are guilty of hacking the site. But Eidos is guilty of allowing the hack to take place. They’re guilty of failing to protect the information they had been entrusted with. That’s why they, any every other website, require you to provide a password when you log in: because they’re responsible for keeping your account secure. If it “isn’t their fault” when they fail to protect your account, then there’s no need for them to even require a password. They could provide a humongous dropdown list of all their registered users, and you could just pick the one you wanted to log in as. Because hey, if anyone abused it, it’d be that person’s fault, Eidos would’ve done nothing wrong.

      Most countries have privacy laws which say something to the effect of “if you store another person’s private information, you goddamn keep it safe, or you will be held accountable”. Eidos is to blame for failing to safeguard against this, just like the hackers who did it are to blame for actually hacking the site.

    • psyk says:

      You guys and your dream of a 100% secure system that’s not in a room with no door and no network is laughable.

    • icupnimpn2 says:

      How is a company supposed to know when their practices are secure enough? There’s some little puke out there spending all his days looking for some chink in the armor.

    • icupnimpn2 says:

      Why double post did come? Go way double post!

    • Consumatopia says:

      The hackers were criminals, they should go to jail.

      Eidos was negligent, they should pay damages.

      Eidos defenders are idiots, they should shut up.

      Blame is not a zero sum game–there is plenty of blame to go around for everyone.

    • Devan says:

      They sound like script kiddies to me, partly because of that chat log and partly because of the fact they did it for the recognition. They even gave out their names and IRC server, which is just begging to be surveilled.
      I agree with the sentiments that both the script kiddies and the network admins are at fault to varying degrees. It’s hard to verify how much Eidos is at fault without knowing which exploit was used and whether or not it could reasonably have been prevented. The unfortunate reality is that network staff at many companies are too burdened with support requests and other demands to be able to devote the necessary time to the intangible work of network security.
      Maybe management just isn’t willing to employ someone to do invisible work full-time, but it’s a big job to regularly examine and rotate log files, monitor and maintain your IDS, and keep all software and network services fully patched with security updates. There’s even a fairly strong incentive _not_ to apply patches because of the likelihood of something not working right anymore.

      It’s unfortunate but it’s no excuse for having shoddy security. If you’re storing personal, financial, or password information about your users, you’d better take every reasonable step to make sure it’s protected. If you can’t do it, then don’t store the info; simple as that.

    • Tatourmi says:

      Responsibility is a funny thing, pretty arbitrary. Who was responsible? The hackers? Eidos? It could also be the person that taught them how to code? Maybe their mom for giving birth to them? Maybe their dogs for pissing them off that day? Maybe the internet for allowing them to contact each other, and, most importantly, to hack things? Maybe the wordl’s fault for existing? The makers of the first Deus Ex for making it so good some people decided to make sequels? The list goes on litteraly for ever.

      There are plenty of things that, if they didn’t exist or didn’t make something at some point, would have theorically prevented the crime from happening. Is that what responsibility is? Is that how it is defined?No, it would be absurd, deeply absurd. Responsibility seems at this point to be a very strange metaphysical concept. Who is ultimately responsible? Is there really someone responsible?

      This is an incredibly tough question if you take it this way and, unfortunately, it needs an incredibly straight and clear answer, or rather the legal system needs one to function properly.

      And actually the legal system is the key. There is no objective responsibility without and objective arbitrary decision in the forms of laws. The responsible party is the one that went against the law. And there is nothing more to it. Responsibility is a legal term, only a legal term, was made to be a legal term, and should be discussed so.

      Now I ask you: Was Eidos against the law? I don’t think so.
      Consequently is Eidos responsible? They cannot be.

      Also (My original post, which went a bit overboard):
      An ideal society would not be a society in which everyone is paranoiac and protected but a society in which criminals don’t exist.

      PS: In the perspective of defining who is responsible there is no difference between a rape and a hack.

    • Consumatopia says:

      And actually the legal system is the key. There is no objective responsibility without and objective arbitrary decision in the forms of laws. The responsible party is the one that went against the law. And there is nothing more to it. Responsibility is a legal term, only a legal term, was made to be a legal term, and should be discussed so.

      Wrong. Every sentence. Wrong. The law may have a concept of responsibility, but it is a concept that exists outside the law.

      Now I ask you: Was Eidos against the law? I don’t think so.
      Consequently is Eidos responsible? They cannot be.

      Depending on what Eidos did, they may be liable to the civil tort (not criminal charge) of negligence.

      However, the ethical/moral definition of irresponsibility is independent of the legal definition of negligence. If I give Eidos my data, and Eidos says it’s supposed to private, then Eidos is responsible for keeping that data private. When Eidos asked for my data, we both knew there were potential adversaries who would want to take that data.

      Heck, even independent of the ethics/morality, there’s their business reputation. Eidos would like to be known as someone who can protect user’s data. Now we know them as someone who can’t. I’m not obligated to forget this just to protect Eidos’s feelings, or yours.

      PS: In the perspective of defining who is responsible there is no difference between a rape and a hack.

      jalf had this right. Eidos is not a victim here. The users are. If you want to go with this moronic rape analogy, then this is like someone getting raped in the lobby of an apartment building while the security guard was napping on the job. The guard is not the victim, here.

    • Nesetalis says:

      “Script kiddy” used to be a derogatory term.. now its really the standard.
      Do you really think these guys used some telnet client to reply to queries and crack the system? no… they used programs, perhaps written by them, but programs none the less..
      The days of hacking in to a server manually have gone.

  4. Icarus says:


    Edit to actually be constructive: Only Eidos-related password I had was for the online store after purchasing Startopia for a few quid a while back- which I’ve just changed.

    Thanks, script kiddies. Thiddies.

    • Bhazor says:

      Holy crap! Why did I not know Startopia was available online?

      I’m havin’ that. Once the servers have calmed down again.
      link to store.eidos.co.uk

    • Bilbo says:

      Killer game. Usually available in the 3 for £10 section of GAME.

    • MadTinkerer says:

      Not on Steam, not on Gog.com, not on Impulse. I wish publishers would get a clue sometimes.

      For organizational purposes, I need to limit the number of different places I order games from, and if you’re not a zero-budget-Indie or an owner of a major download service, I’m not buying a downloadable game from you. Just frickin’ put it on Steam, and if not on Steam than GoG or Impulse or Desura. Yeesh. (Also, no GFWL.)

    • chakraist says:

      I love Look Around You. Thanks, Icarus.


  5. Stense says:


  6. Dozer says:

    1) Staring Eyes tag
    2) I’d have blurred out their IRC channel in the second image. And also all their names.

    • SuaveMongrel says:

      Eh, just leave it.

      Put it this way, the more this hacking business goes on, the more likely it is a virtual-Batman appears and serves the highest of punishments.

      Cleaning their rooms.

  7. Bilbo says:

    Somehow in spite of myself I feel the term “Fucking cunts” is appropriate here

  8. Stitched says:

    I was going to say, before Darkelp kind of hinted at it, what kind of personal information are you giving to that site? Aside from CC information (if you can buy stuff), why would you use real information?

    • jon_hill987 says:

      People will have signed up with an email address and a password. Type that email address into various other sites and you can bet (if the user is registered there) a large number of the passwords will be the same. Steam accounts for example.

  9. Vexing Vision says:

    Do you remember the time when hackers were gamers, and only targeted “the man”? When the label “white hat” meant something? When the vandals spraying graffiti on all the walls and smashing windows everywhere were jocks and uneducated kids from abusive families, instead of intellectuals knowing how to switch on a computer?

    Get off my internet-lawn, you fucking kids. :(

    • Teddy Leach says:

      I remember. I pine for a return to those days.

    • Grygus says:

      “White hat” meant something because there existed such a thing as “black hats.” The good old days never were, actually. Sorry.

  10. JYzer says:

    What a shame…

  11. Anthile says:

    Seems like the hacking minigame in the new Deus Ex is a bit too easy. Wait.

  12. Jetsetlemming says:

    Also I gotta say, them having names seems to go against the whole “They’re part of Anonymous” idea.

  13. Valvarexart says:

    “Anonymous hacking group” really isn’t a hacking group. It’s just a collection of a bunch of retards from [hidden] that sometimes hang out in an IRC chatroom. A few of them might have genuine hacking knowledge, and the rest cling onto them and pretend to be “responsible”. I find it most likely that it was done by another group which then dumped the info or something similar in AnonOPS IRC.

  14. bigolslabomeat says:

    Unlikely related to Anonymous what with them putting their names on and therefore not being… you know … ‘Anonymous’ any more.

    Also I doubt they had anything to do with PSN, it would have been trivial for anyone with a basic grasp of programming and access to Google to hack their unpatched and unfirewalled Apache.

    • Valvarexart says:

      I am pretty sure that AnonOPS are partly responsible for PSN though. They started the DDoS’ing before the network went down.

    • Icarus says:

      Yeah, I’m gonna say it wasn’t Anonymous. 1) they left names, 2) Anonymous MO seems to be more activist-y/freedom-of-speech types (targeting companies that made life hard for Wikileaks etc). This just seems like some random idiots who thought it’d be funny to cause havoc.

    • Valvarexart says:

      Well, they targeted Sony because they were filing a lawsuit against the dude that jailbreaked PS3 or something…

    • Icarus says:

      Anonymous may well have been responsible for the DDoS on Sony, but I’m not convinced that they were behind the data theft there.

    • Martha Stuart says:

      They might not have stolen the data but the provided the smoke screen for who ever did, or atleast thats what Sony’s info security guys are saying.

    • jalf says:

      But by that logic, the guy who brought their programmers a cup of coffee is behind the hack too, because that too provided a distraction and a smoke screen.

      Sony’s security people failed to detect and prevent a major hacking attempt, and external circumstances don’t change that, or absolve them of their responsibility. Millions of users entrusted them with sensitive information, and they failed to protect it. That’s really all there is to it.

    • P7uen says:


      I’m pretty sure you can’t be pretty sure of something when you clearly haven’t even read, or at least remembered, basic new stories about it. You should probably not say any more.

    • ReV_VAdAUL says:

      Pretty soon we’ll find out that among the files found by the soldiers that assassinated Bin Laden were chatlogs with members of Anonymous AND Wikileaks.

    • Blackseraph says:

      Anonymous really aren’t that bad, they like dogs and cats and make life hard for those who don’t like them and are stupid enough to post their cat torturing videos in the youtube.

      They also don’t like scientologist or dictators and are big on the freedom of speech. They are more of an activist group, what they do might sometimes be illegal. But it isn’t necessarily mean spirited. In my opinion anyway.

    • Robert says:

      [16:12] make a deface page pointing @ xero
      [16:12] with personal info
      [16:12] or someone else you dont like

      From the linky. So it might, or might not, be Anon. And I don’t believe you can validate everything because sometimes -parts of- Anon says/suggests they are ‘freedom fighters’.

    • Blackseraph says:

      My point is that anonymous usually have a point, a reason to attack whoever they are targeting, and those targets usually do deserve it. Say companies that made life hard for wikileaks or Mubaraks regime. As far as I have seen they don’t do things just to be jerks. At least usually.

      Of course I could be wrong and they are just cyberjerks, but I don’t want to believe it. Not yet anyway.

      And they don’t just say or suggest that they are freedom fighters, they actually act.

    • SuperNashwanPower says:

      This from PC Gamer:

      “According to the hackers’ IRC chat logs, the names credited with the hack belong to a series of Anonymous members disliked by the real culprits, evo and @n”

      So the names are sort of a smear campaign really – people the real hackers wanted to shaft by sticking their names on the hack.

    • Azuku says:

      I’m getting kind of sick of people’s misunderstanding of what “Anonymous” is, or rather, the assumption that they are anything. Saying that a hack, or data theft, or whatever, was done by Anonymous implies some sort of internal structure, which is inherently the opposite of what anon is. There is no internal structure, no leader of any kind, no MO, and no consistent motivation for anything. Saying “This looks like something that Anonymous would do” is not the same as saying “This looks like something that Jonathan James (or whoever) would do”. Anyone can be anon, and this means that you may not be talking about the same people twice in a row, or ever. It also means that you can’t prove that anything was done by Anonymous. Nothing is stopping any random dick from doing something then posting “Anonymous is legion, we do not forgive, we do not forget”, and bam anon clearly perpetrated this crime, and for all intents and purposed, anon did. “Anonymous: The hacker collective” is as silly as it is vague.

  15. Dark_Oppressor says:

    So, does every random act of internet naughtiness get pinned on Anonymous now? (which even sounds silly, blaming it all on anonymous, ie. no one knows who did it :-P)

    • gorgol says:

      Lol, indeed.

    • Burning Man says:

      That’s the trouble with choosing such a stupid name. You share the collective responsibility of every hacker/cracker on the internet.

    • Defiant Badger says:

      Yes, which makes it very quite unbelievable when they say they’re not responsible for the PSN debacle; as all you have to do to be apart of anonymous is to share they’re ideology.

  16. jon_hill987 says:

    “one thing that would be funny i write a nasty virus”

    Yeah, that would be funny. No, wait, the other thing. Criminal.

  17. Gnoupi says:

    “Chippy1337”. Right.

  18. Neurotic says:

    When did Square and Eidos get into bed together anyway? Seems like a fairly random pairing.

  19. sonofsanta says:

    Although I don’t suspect it was done by Anonymous, I think Anonymous has made cracking like this cool again.

    Unfortunately, whilst I can largely agree with Anon’s liberal sentiments, this is just stupid and rather pathetic.

    • Daniel Rivas says:

      Ah, the liberal sentiments of Anonymous. Freedom of speech, but only for the right people with the right speech. Anyone else gets a denial of service error message instead.


  20. Kdansky says:

    How long until people stop using the same password every where? Oh, right, people are stupid. Never mind, proceed with losing your credentials every few months. Nothing to see here.

    • StranaMente says:

      At the moment I got about one hundred user id’s and passwords for the same number of sites. The question is: how can I not use about the same password everywhere?
      For some of the most important there are greater differences, but otherwise it will only be a giant pain in the ass. It’s not a customer problem. The problem is these dickwads.

    • yrro says:

      More like, how long until sites stop storing passwords in plain text?

      Passwords must be hashed and salted. No exceptions. To do anything less is negligent.

    • BunnyPuncher says:

      Unfortunately the problem is you.

      Being too naive to protect your online data is outright careless… shouting and screaming about inevitable secuity breaches will do you no good. Its actually a positive thing these guys (seem) to be interested in havok. They force security systems to tighten up, making more sinister hacks a little bit harder to create.

    • Stitched says:

      KeePass is your friend – Generates log-in passwords of random or user specified sizes, stores them in a passworded program with keyfile, for access later. Truecrypt the directory of the program and you are set.

    • Kaira- says:

      Because remembering 10-50 passwords can get quite frustrating.

    • TheApologist says:

      I am not going to store 50 strong passwords in order to use the internet. I’m just not motivated enough by most sites on the internet to do so.

      So either I use the same passwords and website security gets better, or security breaches keep happening and I stop using a lot of sites.

      So, yes, it is up to the websites that want me to visit them and login to use them to make security practical. When did it happen that I became responsible for a websites continued survival?

    • Meneth says:

      “So, yes, it is up to the websites that want me to visit them and login to use them to make security practical. When did it happen that I became responsible for a websites continued survival?”
      100% security is impossible. Therefore any responsible user should do what (s)he can to reduce the number of weak points in their online persona. One way to do this is having at least a few different passwords, graded by importance (E.G., stronger passwords for important, secure sites, and weaker passwords for less important sites). This alone reduces risk by a huge amount, as the points of failure for each password is now much lower.

      Another, also easy, way to keep one’s online persona secure, is using a password manager (LastPass or KeePass, for example). This way one can have unique, strong passwords for every site one uses while only having to remember a single one. The hacking of a single site won’t affect any other sites. The only important point of failure is then the password manager itself, but unlike a forum or other random website the focus on security is much higher.

      I do not feel sorry for anyone who uses the same password all over the internet and then has to suffer the repercussions when one of the websites the person uses gets hacked.

    • Coren says:

      To those of you complaining about having to remember or store dozens of passwords, there are quite a few solutions to that problem.
      Personally, I use Lastpass (link to lastpass.com), which is a cloud-based system for generating, storing and managing passwords. Lastpass works on pretty much any browser, any OS and any mobile device, and it’s generally pretty damn handy.
      Security-wise, the passwords themselves aren’t stored online, just the encrypted forms (or the salt? Whatever them security-types call it). And Lastpass have recently shown that they’re positively paranoid about security breaches, preferring to force password resets for their users instead of ignoring the risk that even a minimal part of their encrypted data might have been compromised. Oh, and if you’re truly paranoid, they also offer several kinds of multifactor authentication.
      If you don’t trust cloud-based systems, there’s plenty of other password managers you can use. There’s simply no excuse not to be using different strong passwords for every site you visit nowadays.

    • cliffski says:

      “Its actually a positive thing these guys (seem) to be interested in havok. They force security systems to tighten up, making more sinister hacks a little bit harder to create.”
      if it was a positive thing, the hackers wiould email the website and inform them of their security hole, and give them time to patch it.
      But ‘hackers’ are too selfish to actually behave in that way. They just want money, and bragging rights
      There is no justification for this sort of thing. if I went out and smashed all the windows in my neighbourhood, maybe it would encourage people to develop stronger glass, but I’d still be an antisocial dick for doing it.

    • lamzor says:

      well as you said. its possible that someone hacked lastpass
      link to blog.lastpass.com
      im a bit paranoid myselves. i started using keepass
      link to keepass.info
      it can autofill forms, logins, passwords on webpages(based on several rules). the copy/paste bin is protected and it is copied and pasted only 1-2 letters at a time and randomly pasted into correct position on forms. that means even best keyloggers cant steal your passwords while they are pasted to forms.
      keepass software can be locked, it can be unlocked by master key which can be entered on secure desktop – keyloggers wont work.
      database can be exported and saved somewhere(web, mobile or usb key). even if someone has this file, its still password protected.
      this software was ported to (i think) every mobile platform as well.
      i have been using it for ~2months and im very happy with it.
      edit: oh and its free.

    • Stitched says:

      Seconded for KeePass. Ever since the Gawker site got compromised, I downloaded this, use an encrypted keyfile and log-in password for the database, and haven’t looked back. The Autofill command or the ability to drag and drop logins and passwords make it dead easy to access sites without having to remember a ton of passwords.
      “I can’t be arsed to cook so I only eat at McDonalds every day”
      *develops Type 2 Diabetes*
      “Screw you, McDonalds! It’s your responsibility to prevent me getting diabetes!”
      Think for yourself. Don’t expect or rely on others to be as clever as you are.

    • Pointless Puppies says:


      In other words, you’re too lazy to take proper care of your own account security and expect other website to do the work for you. Especially when it’s common knowledge that no network infrastructure is 100% hack proof, making your vague demand of “make better security nao” all the more nonsensical.

      You have no excuse. There’s plenty of browser-based password programs out there that store whatever password you want and automatically fill in login forms for you. Or failing that, just use a plaintext file in your own hard drive. Or do what you do, and whine all you want that hacking exists and demand better security. Makes just as much sense as not locking your car and blaming your car manufacturer for “bad security” when it gets stolen. If you’re too lazy to take care of your own accounts, don’t complain when they’re all breached at once.

  21. ananachaphobiac says:

    I wonder what the collective noun for script kiddies is? A “Hormone,” a “Testicle,” a “Wank?”

    Any suggestions?

  22. NicoPonk says:

    How is this related to Anonymous ?
    Those guys seem to be responsible for about anything those days…

    • elsu says:

      Reading the linked article (particularly the IRC logs) it loks like this is related to the fuss over at AnonOps. The names they put there are not theirs, but those of people they don’t like. In this case, I assume one of the ‘Ryan’s named is that of an AnonOps moderator who engineered a take-over of their IRC channels recently.

  23. kikito says:

    Anthing ending in 1337 deserves public scorn.

  24. Recidivist says:

    “[16:08] there security will be responsible”

    It’s ‘their’. Fucking illiterates -.-‘

    • Vexing Vision says:

      Writing nasty virus > writing good grammar! Go with the times, dude!

    • RC-1290'Dreadnought' says:

      The problem is that you don’t HAVE to compile English, so you can’t be sure if it is correctly written, until someone tries to read it. Of course you can use a tool to check spelling, but grammar is a little bit harder to check. The tool would at least have to be able to interpret every sentence, and create analogies which the user would then have to compare to the message that user intended to write. Of course, the tool could also be made to only check for homophones, but that still would not be fool proof.

      Of course you could demand the original author to check the grammar, but since the author is also the origin of the mistake, it is unlikely that all mistakes can be reliably found. Especially with a language like English, which is used a lot on the world wide web, you will find a lot of people who learned it as a secondary language. So I have the opinion that you can’t expect everyone to be completely aware of all rules regarding the use of ‘the’ English language. (‘the’ was put between quotes because there are many variations)

      However, I do agree that some mistakes could probably be more easily corrected, if the writers had put more effort into learning about common mistakes, and how to detect and correct them.

  25. Tunips says:

    Are we sure this isn’t part of an over-elaborate ARG? Technically speaking, Eidos HQ could be part of Anonymous. Either way, it’s some cracking good irony in very poor taste (the best sort)

    • Bursar says:

      That was my first thought as well on reading this.

      What I want to know is whether the hacker climbed up the fire escape to the roof, went in through an air vent, turned off the cameras, knocked out two guards and then got the data direct before leaving in a stealth helicopter?

    • aerozol says:

      @Bursar > <
      @frightlever Just log into 4chan once, say ‘I’m part of Anonymous’, and you’re done. There’s no forms to sign.

      On topic, since they reported losing customer information, I think it's unlikely to be any kind of internal stunt. Otherwise I would be suspicious too, because this kind of carry on seems to get a lot of coverage in sources that don't usually cover gaming news.

    • hosndosn says:

      Crtl-f “ARG”.

      Indeed, with all the ARG trends, this could be an elaborate publicity stunt. It fits the theme. Nobody gives a crap about the deusex.com website (especially not Anon, they got other things to do). Very convenient timing for an ARG.

      That green splash screen. Do they list real names next to the nicks?! I have no idea how these tags are usually handled (maybe fake names or trolling IRL people they don’t like) but it seems odd. To write anything at all, actually.

    • JackShandy says:

      If it’s an ARG than it’s the worst ad since GOG pretended it went out of business. I assume Eidos has enough clever marketing men there to tell them that pretending hackers stole the info of everyone who went to the site would be a horrible, horrible move, so I can’t imagine them pulling something like this.

  26. aerozol says:

    If ‘Anonymous’ did it, then they just put up names of people they don’t like, who are probably going to get some knocks on their door soon..
    Funny how ‘anon’ get blamed for everything now though. Since that’s not really a person, or an organization, or anything really identifiable. The media really do empower 4chan a lot with that though, good for them.

  27. Rii says:

    ‘Anonymous’, ‘Taliban’, ‘Communists’, ‘Anarchists’; it’s always the same: the system needs an enemy.

    • JackShandy says:

      Yeah, every time some guys hack into a site and steal huge amounts of private info all the fat cats and G-men start looking around for someone to blame. It’s outrageous.

    • Dana says:

      Not sure if trolling.

  28. Flimgoblin says:

    I hear anonymous started putting cats in bins too… seems a bit odd to try and pin something with a bunch of people’s names all over it claiming credit on Anonymous… a group whose whole MO is being, well, anonymous.

    I once wore a batman mask to a fancy dress party, does that mean if I ever do anything wrong we can pin it on Batman?

  29. Milky1985 says:

    “Reportedly, the damage was done by a subset of the infamous Anonymous hacker collective, who some believe were responsible for the increasingly ludicrous PSN outage/security terror (though they themselves claim they weren’t).”

    Its only reportedly anonymous because every single news outlet is now blaming any hacks on any gaming related sites on anonymous, like how every single hack out there to governments or places with customer information is blamed on the chinese.

    I don’t really get blaming anonymous, becuase its not like they are a proper group with joining rules etc, to be anonymous you simply say “i am a member of anonymous”, it covers the entire human race in theory :P

    They migth as well report “a human did it” as it covers about as many people :P

    Oh and saying they are a “hacker collective” is a bit daily mail, last time i heard, they are simply a bunch of people that group together to do X, athe moment X = Dosing from the looks of things but previous X was annoying the CoS.

    • jalf says:

      They migth as well report “a human did it” as it covers about as many people :P

      Er, I do believe that the number of people who identify themselves as “human” is qutie a lot bigger than the number of people who identify themselves as “involved with Anonymous”.

      No, I don’t think it covers quite as many people, no.

  30. Keilnoth says:

    Having unique passwords for your Gmail, Paypal and other critical websites is a good start for protecting your data and not having to change your password everytime that kind of news appear on the boards.

  31. adonf says:

    Wait, you can order groceries on Amazon ? My life is augmented !

  32. jalf says:

    Sounds to me like their main interest was simply in sowing havoc

    Oh, I dunno. Getting hold of username/password info for a few tens of thousands of people is pretty handy. Since most people use the same usernames/passwords on loads of services, that would allow them to log in to a lot of people’s gmail and whichever other services you use. How about Amazon or Apple’s Appstore, or another site that conveniently remembers your CC info?

    Yet another reason why it is so bloody stupid for every goddamn game developer to have their *own* user account database with *their own* insecure login mechanism and password database.

    If the games industry would just grow up a little bit, they’d delegate the whole authentication business (to the extent that it’s needed at all) to professionals. OpenID, anyone? Both Steam and GMail are OpenID providers, so relying on open, and secure, standards, they could allow anyone to log in with their steam username or gmail account, with individual sites never even *seeing* your password. And so, when lazy developer #37 gets their website hacked, the poor fools who registered wouldn’t have lost any personal or sensitive information.

    • Rii says:

      Yeah, that’s what wrong with the internet today: the powerful just aren’t powerful enough! If only Facebook ran absolutely everything, then we’d all be safe.

    • jalf says:

      Huh? What does that have to do with anything?
      My point is that I’d rather store my password with a site that specializes in security, and which can then to authenticate me to the websites I register on, and which I don’t necessarily trust to the same degree, rather than having every to give my password to every company whose website I want to log in on.

      I fail to see what it has to do with facebook, or anyone else, “running everything”. How would it allow anyone to “run everything”?
      The clever thing about OpenID (which is just one example of how the problem could be solved) is that it makes no requirement on who you use as your OpenID provider. You can use Steam, or Gmail, Facebook or one of several dozen other companies. You choose who to trust with your authentication info. That’s the polar opposite of “allowing the powerful to run everything”.

    • Kaira- says:

      I personally would prefer that my passwords wouldn’t be centered to one location, it makes it more fragile than having multiple passwords for multiple pages. And well, concentrating power to a single entity has never yielded very good results in history.

    • vandinz says:

      I have a different password for different places. Only important places though. Websites and forums etc I couldn’t give a shit about. Ebay, Paypal, Gmail … etc, all though are different. Best way to be atm.

    • jalf says:

      I still fail to see the relevance. This wouldn’t force you to store “all your passwords in one place”. It would allow you to store the password only in places you trust, rather than with goddamn everyone who wants you to log in on their website.

      It would allow you to separate “I want to log in to this website” from “I entrust this website with my password”, so you can log in to a website without giving *them* access to your password.

      You could create a separate OpenID for every site you log in to, using a different OpenID provider for each, if you wanted to. But you’d be able to *choose* which company gets to store the information. Eidos would never see your password, so when Eidos gets hacked, you’d lose nothing.

    • Lukey__b says:

      But then OpenID will just run off and takeover the world.

      Seriously, Jalf, what you suggest sounds quite sensible.

      At the moment I have 1 or 2 easy passwords for bullshit like this (serious internet bullshit, of course) a fewof pretty decent passwords for my main bank, email and Amazon. Everything else I either tick ‘remember my password’ or request a password reset everytime I use that site. PLUS I have 5 or 6 systems I use at work, where they ask for a different password for each.

      Then I have different ‘secret phrases’ whenever I want to talk to a company on the phone, to sort out a bill or something.

      Too many passwords to remember. Although I do remember the first random number password I was given in ICT at Secondary School.

    • Devan says:

      While systems like OpenID are better than someone using the same username/password pair everywhere, I think that it is very important to have the ability to use different identities in different locations. It’s a balance between security and privacy, since if people have a single ID for every community, it makes it a much easier to do social profiling / behavioural analysis / data mining / etc.
      Some sites even let you log in with your Facebook or Gmail account and I always prefer to create a new identity. I’d rather have a password manager with hundreds of accounts in it than a single ID that might be compromised.

  33. Corrupt_Tiki says:

    And again a few fuckwits make things hard for everyone else, we should just start shooting them. Honest. I’m down, I have guns, we could make a game of it!

  34. WJonathan says:

    I’m interested in sewing hammocks, too. It’s not my main interest, but still I enjoy it. That doesn’t make me a bad person.

  35. AbyssUK says:

    For script kiddies to get into your site means your not looking after it enough.. simple. Companies need to realise if they want to store data about their customers then they need to store it properly, that means keeping your database/web server updated… and encrypting any stuff you keep decently is trivial these days its just lazy not too.
    Yes hackers shouldn’t hack its mean… but so is bank robbery banks don’t keep the money in easy to snatch ‘swag’ bags so why should companies be so flippant with our info.. something needs to change.

  36. HelderPinto says:

    “but the chatroom logs bear some mention of ‘src’, which could be either in reference to the website’s source code or to the game’s source code. Sounds to me like their main interest was simply in sowing havoc, though.”

    Of course it’s not the game source, the webpage has nothing to do with the game. And it’s tottaly diferent servers, probably not even in the same country

  37. kimded says:

    This is why we can’t have anything nice… a part of me almost wants Anonymous to teach these script-kiddies a lesson, but that would be wrong, I must try for the higher path

  38. Muzman says:

    While this is naughty and needlessly destructive, it does highlight the casual and sloppy way registration is being required for all sorts of things for no real reason other than data mining these days.

    Add a line in ‘advice for modern living’ right under “Don’t talk to the police”. “Don’t help marketing”.

  39. SuperNashwanPower says:

    I thought hacking was sort of illegal? If so, isn’t leaving your name on the site a bit like doing over the local off licence, then handing out copies of your passport to anyone present?

  40. Zanchito says:

    Deus Ex site hacked? So very meta!

    To be pedantic:

    DoS is not hacking

    And not to excuse any kind of data theft, but companies should really improve their data security, it’s wores than appalling at many sites.

  41. The Army of None says:

    Why does this not have the Staring Eyes tag?

  42. Coins says:

    Man, I sure hope Steam is properly protected…

  43. Lost says:

    Could we please start calling these people crackers? Thanks!

    • vandinz says:

      lol yeah. So many people get the term wrong I just go with the flow now.

  44. apa says:

    Thanks Eidos, and thanks all the companies who want our information and don’t keep it secure. This kind of behaviour is just as bad as if your bank threw your old records to the trash bin on the street. No one who’s not looking will not find them but anyone with even smallest bit of interest can mess up your life.

    Information holder is responsible of its security.

  45. vanarbulax says:

    As bad as data theft is, that’s the fact that it was Deus Ex which was hacked is pretty lulz-y.

    Also chances of this being viral (no-pun intended) marketing?

  46. Diziet Sma says:

    Absolutely pathetic… whatever happened to hacking as a form of betterment and advancement rather than embitterment.

    • vandinz says:

      Exactly, what was to gain from this? Gone down in my estimation.

  47. DrazharLn says:

    I find it amusing that the hackers are getting all the flack here, as if Eidos wasn’t at all responsible for their network security. If the hackers really did use a 0day (a currently unknown exploit) then they’re off the hook for the penetration of the website. But if they acquired passwords and game source (the website source is probably worthless) then that’s just bad practice on Eidos’ part.

    • vandinz says:

      Oh right, so you see a car with it’s window open, you steal it and it’s the owners fault? Get a grip.

    • jalf says:

      If someone promises to keep your wallet safe in their car, and they forget to lock the goddamn door, then yes, it is absolutely their fault when they lose your wallet.

      Get a grip yourself.

      Eidos were entrusted with potentially sensitive user information, just like your bank is, and just like Sony’s PSN were. And when they screw up and allow third parties to access that information, then it is absolutely their fault.

    • Robert says:

      Nice analogy there. It illustrates the discussion “Who is guilty, the car owner, or the wallet owner? Somehow, for a lot of people, this debate clears the PERSON WHO ACTUALLY COMMITTED THE CRIME of blame.

      You can say the ‘wallet owner’ is careless with his/her passwords, the ‘car owner’ could’ve protected the site better, but please.. if you want to blame: blame the f’in THIEF OF THE ‘WALLET’!

    • Batolemaeus says:

      Robert, this might confuse you, but that the person committing the crime is guilty isn’t specifically mentioned, because that is already implied.

      When I entrust someone with my stuff, I expect them to take measures to protect my stuff. They won’t be able to change the world with lots of mean people in it, so I can’t demand they do that. Instead, I demand they tighten their security, as that is the only thing they can do to prevent theft.

      So if my stuff gets stolen, I will blame the people who didn’t protect my stuff from whatever might be out there.

      Getting owned by a bunch of scriptkiddies is a testament to how carelessly and incompetently the data was protected, or actually, not protected at all. Theres criminal behaviour from the crackers, and criminal negligence from the ones getting cracked.

  48. vandinz says:

    I like some of what anon does, mainly to arseholes like Scientology but this is to us, the people that ‘support’ them. So from now on they can suck my dick. I hope they’re caught and arse raped until they love it. Probably from the start. Fuckers.

    • jalf says:

      Even though there seems to be little reason to believe they had anything to do with this?

  49. roman2 says:

    They seem to share lots of data from the hack on BT, including CVs, SQLDumps ‘n Stuff. Could be fake though, I’m not very eager to download it.
    Another thing: They aren’t really sharing real names, irc channels and nicks with the world, are they? I mean… isn’t that a *bit* risky? o_0

    PS: hitman.com seemed to show the same message for a short time, at least the google cache lists it with the same content that has been on deusex.com

  50. Metonymy says:

    link to en.wikipedia.org

    This guy knew what internet security was about 300 years ago. I remember this being one of the first books I read when I went to college, before the internet even existed. I just randomly picked it up by chance, not for a class, and years later I laughed as people slowly came to grips with the necessity of malicious hackers.

    By the way, this is not an appropriate venue for rage.