Square Enix Data Breach And Leaked Customers’ Personal Information

By Author: Apple Tan
Total Articles: 68
Comment this article

Japanese company Square Enix, one of the world’s largest developers and publishers of games for PCs and consoles, has announced a major data leakage.  As a result, the personal information of about 25,000 Square Enix members has been compromised.
The security breach occurred after computer hackers managed to crack two websites of the Japanese company, gaining access to the e-mail addresses of registered users. It is understood that the websites affected were Eidosmontreal.com, run by Square Enix’s subsidiary Eidos, and Deusex.com, a promotional site for the upcoming game, Deus Ex: Human Revolution.
 “Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again,” said Square Enix in a statement.
Square Enix noted that up to 25,000 email addresses had also been taken in the document ...
... security breach, though these are not linked to any other personal data. The company also stated that the attackers couldn’t capture the credit card numbers of users, but they managed to download the resumes of about 350 people who applied for jobs in one of the company’s offices in Canada.
“Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation,” the statement continues.
According to a report by former Washington Post writer Brian Krebs, both the official Deus Ex: Human Revolution and Eidos websites were inaccessible on Thursday morning, May 12. During this period, hackers reportedly put up a banner that read “Owned by Chippy1337”, along with several other names and hacker handles of those supposedly responsible for the break-in.
The hackers, Krebs wrote, said they plan to distribute the stolen information on file sharing networks. His report pegs the volume of information stolen, according to the hackers, to be the personal information of more than 80,000 users and 9,000 resumes.
Graham Cluley, a consultant at the security firm ‘Sophos’ said that “The resumes are a blueprint for identity theft. They have everything that scammers want. The only thing missing is credit card information”. The information taken could cause problems for those looking to apply at Square Enix. He also said that “With the e-mail there is a danger that gamers could be e-mailed by someone pretending to be from the company who gets them to click on a link or run some malicious software”
With many organizations recently suffering from data breaches of its email lists, and companies such as Sony, ACS:Law and, most recently, Square Enix losing much more sensitive data, it raises the question as to how this has happened and the vulnerabilities of a network’s security. The frequency of information data breaches are only going to increase if organizations and companies fail to pay attention to, and increase their network security.
The companies and organizations need to implement robust information security initiatives, including having a proficiently skilled IT security workforce, in order to avoid cyber attacks and security breaches. IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals.
CAST will provide advanced technical security training covering topics such as advanced penetration testing training, Digital Mobile Forensics, Cryptography, Advanced Network Defense, and advanced application security training, among others. These highly sought after and lab-intensive Information Security training courses will be offered at all EC-Council-hosted conferences and events, and through specially selected authorized training centres.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced security training for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing training, malware analysis, advanced social engineering, cryptography, digital forensics deep dive, and web application security training, among others.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).