Sega Breach Exposes 1.3 Million Accounts

Monday, June 20, 2011



Officials for the Japanese gaming company Sega have confirmed that 1.3 million customer accounts have been exposed in an unauthorized access event.

The breach occurred in the company's European Sega Pass website networks, exposing customer names, dates of birth, email addresses and encrypted passwords. Officials believe no credit card data was compromised.

Sega has suspended the Sega Pass service while an investigation is underway. The company vowed to improve security efforts, and indicated they would release more information on the breach as it became available.

"We sincerely apologise for troubles this incident has caused to our customers. An investigation has been launched to find the cause and channels used for the leakage," Sega officials said in a statement.

Sega also made the following recommendations:

  • If you use the same login information for other websites and/or services as you do for Sega Pass, you should change that information immediately.
  • We have also reset your password and all access to Sega Pass has been temporarily suspended.
  • Additionally we recommend you please take extra caution if you should receive suspicious e-mails that ask for personal or sensitive information.

The Sega breach follows attacks on other gaming giants, including multiple assaults on Sony and an attack against Nintendo.

In an odd turn of events, the most likely suspect in the attack against Sega, the hacker collective LulzSec, apparently was not involved in this latest event and has offered to help Sega track down the culprits.

"@Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down," a LulzSec tweet offered.

Reports indicate that LulzSec conducted a successful attack against a public-facing website of the Central Intelligence Agency last week. LulzSec has also claimed responsibility for recent attacks against the U.S. Senate website, PBS, as well as networks belonging to the Atlanta chapter of FBI affiliate InfraGard.

LulzSec also claims to have hacked Sony Pictures, Sony Entertainment and Sony BMG, compromising the data for over one million customers as well as gaining access to admin passwords, music "codes" and "coupons".

The hack against the CIA site prompted patriot-hacker The Jester to initiate a campaign to expose members of LulzSec.

"Expect me. My silence is not an indication of weakness, as your mouth is an indication of yours," and that "no comforting words from this point on. My silence previous, and forthcoming, is the anti-you," The Jester said in a recent tweet.

The Jester is known mostly for his repeated denial of service attacks on militant Jihadi websites, a psy-ops campaign against Libyan loyalists, as well as his attack on the WikiLeaks website in late November that forced the organization to shuffle Internet hosting providers.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.