Now the combo publisher-developer behind games Morrowind, Oblivion, Fallout 3 and upcoming monster-roleplaying followup Skyrim has been hacked. Don’t take my word for it, take theirs. Bethesda Softworks just admitted the breach in an official blog post, explaining that an unidentified group of hackers snuck in and had its way with Bethesda’s web farm last weekend.
“Over the past weekend, a hacker group attempted an unlawful intrusion of our websites to gain access to data,” wrote a Bethesda staffer in the post. “We believe we have taken appropriate action to protect our data against these attacks.”
What sot of data are we talking this time? The usual: names, email addresses and passwords. Bethesda says “no personal financial information or credit card data was obtained,” thus it looks like a so-called “grey hat” hack, in which the perps were doing it to expose security weaknesses, albeit willing to break the law to do so. Contrast with “white hat” (“ethical”) and “black hat” (“malicious”) stances.
Bethesda recommends members of its community sites change their passwords, and that if your login credentials resemble those used at other sites, you change them there as well. Also: beware strange emails and suspicious account activity.
How’d the hacker gain entry? Bethesda’s not saying, but the group claiming credit—yep, the folks at LulzSec, also behind other notorious and recent hacks—says it used LFI, or “local file inclusion” (inserting a remote file locally to execute code) to break in and make off with “all [Bethesda’s] source code and database passwords,” which the group then made available through Bitorrent sites. The only thing excluded: “200,000+ Brink users.” LulzSec says it “actually [likes] this company and would like for them to speed up the production of Skyrim,” suggesting—ridiculously—that the hack should give Bethesda “one less thing to worry about.”
What’s more, in a separate statement, LulzSec revealed it’s been poking around the U.S. Senate’s website.
We don’t like the US government very much. Their boats are weak, their lulz are low, and their sites aren’t very secure. In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more!
Followed by? What else: an info-dump. In this instance, a relatively innocuous one (apparently a directory listing and file map of an Apache server), though—assuming the info’s legit—I wouldn’t expect the government to react as if it’s simply had its feathers ruffled.