Bethesda is encouraging users to reset their passwords following a weekend security breach on the company's servers. In a blog post today, the developer explained that although no personal financial information or credit card data was stolen, the hackers have gained access to usernames, email addresses and passwords for all of the company's websites, including its community forums and Brink statistics site.
Bethesda didn't outwardly accuse any person or party of the attack, saying only that a "hacker group" is responsible. However, Lulz Security (LulzSec), the folks behind the recent Sony Pictures breach, have claimed responsibility for the act. Through its Twitter account, the group admitted to having its sights set on Bethesda yesterday, and said it has in fact been poking around on the company's network for more than two months.
In its usual fashion, the group has released some of the swiped data via BitTorrent. When the group hacked Sony Pictures, it offered tons of sensitive user information along with Sony music coupons, the layout of Sony's database and more via BitTorrent. In that particular case, LulzSec gained entry with a simple SQL injection and found sensitive user data including addresses and passwords stored unencrypted.
It doesn't seem like Bethesda was quite as feeble, but LulzSec still snuck in. "Some weeks ago, we smashed into Brink with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point, we acquired command execution via local file inclusion of enemy fleet Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going?"
"After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck." The torrent includes everything LulzSec swiped -- except the data of more than 200,000 Brink users. In a peculiar nod of respect, the group said it actually liked Bethesda and wanted to give it "one less thing to worry about."
Along with releasing Bethesda's data, LulzSec has published some internal data from Senate.gov. This comes less than a month after the US warned hackers that it would respond to cyber-attacks as it would to any other hostile threat, including with military force if deemed necessary. Just last week, the hacker collective Anonymous essentially told NATO to back off. "Do not make the mistake of challenging Anonymous," the group said.