Blog Archives

Eidos confirms website hack, email addresses and resumes stolen

Eidos Interactive

Image via Wikipedia

Eidos has revealed that resumes of job hunters and email addresses of video game fans have been stolen by hackers in an attack on the Eidos and “Deus Ex: Human Revolutionwebsites.

Square Enix, the parent company of Eidos, confirmed the hack in a PDF press release. (Why do companies publish their press releases as PDFs, anyway? That’s just daft.)

Here’s part of the statement from Square Enix:

Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.

Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation. In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.

There are two main risks here.

One threat is that if your email address is one of the 25,000 that has been stolen, you could receive a scam email (perhaps containing a malicious link or attached Trojan horse) that pretends to come from a video game company. After all, the hackers know that you’re interested enough in video games to give your email address to Eidos.

Secondly, the resumes from job hunters. This is a more serious problem. Just think of all the personal information you include on your CV: full name, date of birth, email and home address, telephone number, job history. This kind of information is a god-send to identity thieves interested in defrauding internet users.

So, it seems Sony is not the only video game company to be having problems with its computer security.

Lets hope the continuing stream of stories of companies having customer data stolen from them makes them take security more seriously in the future.

More information about the hack can be found on the KrebsOnSecurity blog.

Source :- http://nakedsecurity.sophos.com

Free Subway gift card spam spreading on Facebook

Sophos  received a number of questions from Facebook fans of Sophos regarding messages that have spread across the social network claiming to offer a $100 gift card for the Subway sandwich chain.

Here’s a typical message:

Subway Facebook message

Free Subway Gift Cards - Limited Time

Get Your Free Subway Gift Card Now! Click for Details

So, what’s going on here? Well, the first thing to realise is that it’s not something endorsed by Subway.

Although the link you click through to has no qualms about using Subway’s logo, and images of meals you can purchase at Subway, it’s actually from an independent third party company.

Subway gift card webpage

Many people will probably be so keen to receive $100 worth of Subway meals that they won’t read the small print at the bottom of the page:

The above listed merchants or brands in no way endorse or sponsor FreeGiftCardSon.us's offer and are not liable for any alleged or actual claims related to this offer. The above listed trademarks and service marks are the marks of their respective owners.

FreeGiftCardSon.us is solely responsible for all Gift fulfillment. In order to receive your gift you must: (1) Meet the eligibility requirements (2) complete the rewards bonus survey (3) complete a total of 5 Sponsor Offers as stated in the Gift Rules (4) not cancel your participation in more than a total of 2 Sponsor Offers within 30 days of any Sponsor Offer Sign-Up Date as outlined in the Gift Rules (the Cancellation Limit) and (5) follow the redemption instructions.

The pages ask you some simple and apparently harmless questions: are you male or female, which age group do you fall into, etc.. before asking for your email address.

Subway gift card spam wants your email address

At this point the page tells you that you must post the message onto your Facebook page in order to qualify for the free $100 Subway gift card.

In this way the message is spread virally to your Facebook friends.

But there’s still no sign of your free Subway gift card, because the site now wants you to hand over much more personal information, including your name, address, email address, full date of birth, cellphone and telephone number etc.

Form asks for your personal details

Again, notice that the webpage doesn’t seem to have any issue with using the Subway logo – despite not being affiliated with Subway. Clearly this is done in an attempt to trick Facebook users into believing that they are talking directly to the high street brand.

According to the small print, you’ll have to complete multiple “sponsor offers” before they will even consider sending you a gift card – which may cost you both in time and money, but also the sheer treasure trove of personal information you will have handed over.

Sophos advice? Avoid these “offers” as they’re unlikely to ever prove fruitful, and may result in you handing over a wealth of data about yourself to complete strangers. When you agree to post a message about such gift cards on Facebook, you are putting your online friends at risk of having their privacy damaged too.

Source :- http://nakedsecurity.sophos.com

Facebook Launches ‘Send’ Button For More Selective Sharing, Announces 50 Million ‘Groups’


Facebook’s increasingly ubiquitous ‘Like’ button is getting a new friend: the Send button. Click on a webpage that has the Send button integrated, and you’ll be prompted to share it with any of your Facebook Groups, your Facebook friends, or any standard email address. In other words, where the Like button is designed to let you quickly share content with all of your Facebook friends, the Send button is for sharing with a subset of them.

Site designers are groaning right now (they have yet another sharing widget to integrate), but it’s a logical step for Facebook — there are certainly times when you want to share links with a handful of friends instead of your News Feed, and this gives you one less reason to fire up your non-Facebook email account. 50 sites are launching with the feature.

In addition to the new Send button, Facebook is adding a handful of features to its existing Groups product, which was overhauled last October. First is the introduction of photo albums for Groups. Before now it’s been possible to upload a single photo to a group, and now you’ll be able to upload a whole set. These photo albums are unusual because they’re walled within the Group — only other group members will be able to see them (even tagged photos aren’t visible to people on the outside).

The second addition is integration with Facebook Questions, which re-launched last month. Now you can pose a question that’s contained within the group.

Finally, and most important, is a new setting that will require Group administrators to approve any new members who have been invited to join the group. Up until now anyone within a Facebook Group was able to invite any of their friends (the idea was that you’d be violating the ‘social contract’ if you started inviting people who didn’t belong). But now Facebook recognizes that there are some groups that should be more private, so you can require admin approval.

Provided it gets broad distribution (which seems a given), the Send button will probably lead to a boost in Groups usage. It’s always been easy to share links within Groups, but this lowers the bar even further because you don’t have to leave the page you’re reading — you can imagine people using the button to share book reviews with their book club, close friends sharing new ideas for travel destinations, and so on.

And while ‘Send’ may not sound especially exciting given how long other sharing widgets have been around, this is yet another step in Facebook’s mission to reinvent email with their own “modern messaging system“, as CEO Mark Zuckerberg called it. One by one, they’re integrating easy ways to complete tasks that have traditionally been done over email. Today’s launch — sending links to friends — is obviously a huge one, and you can be sure they have others in the works. One other email-replacing feature I’ve heard about (though I’m not sure they’re still working on it): a way to send a structured poll to a subset of your friends.

Facebook says that there are now 50 million Facebook groups, and while not all of these are active, it says that the majority of them are.

Source :- http://techcrunch.com

%d bloggers like this: