Sega Pass Attacked – 1.29m Records Affected

Sega has apparently become the latest victim of a network breach.  The attack occurred last Friday, and information belonging to 1. 29 million customers has been stolen from its database.  The blog PlayStation LifeStyle posted a letter sent from Sega to users of its Sega Pass service, informing them that unauthorized entry had been gained to the Sega Pass database, and that the company is investigating.

E-mail addresses, dates of birth, and encrypted passwords were obtained.  The letter indicates that none of the passwords obtained were stored in plain text, and no personal payment information was stored by Sega, meaning payment details were not at risk from this intrusion.

Sega offers a few common sense cautions:

  • If you use the same login information for other websites and/or services as you do for Sega Pass, you should change that information immediately.
  • They have also reset your password and all access to Sega Pass has been temporarily suspended.
  • Please take extra caution if you should receive suspicious e-mails that ask for personal or sensitive information.

The hacking group LulzSec, which has hacked Sony, Nintendo, FBI affiliates, and others rather indiscriminately and with no remorese, has sent out a public tweet addressed to Sega: “@Sega – contact us, we want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.”  So, LulzSec is not responsible for this one, even though it matches their MO very nicely.  They have suddenly become formally organized enough know what all of their “members” are up to, and are nobly motivated to take some action against an unknown attacker.  Personally, I smell barnyard…