UPDATE: Added SEGA’s official word on this below.
And yet it goes on. We might as well just have a ticker tape at the top of the site saying who’s been hacked, it’ll be quicker than posting every time… Latest game firm to suffer a security breach/attack is SEGA. It’s not just a DDoS this time though – their online gaming service SEGA Pass has been broken into, and details made off with. “We have identified that a subset of SEGA Pass members’ emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text,” says the publisher. SEGA Pass seems to involve plenty of PC games, including stuff like registering for info on Total War and stuff like that, so it’s more than possible you’ve signed up at some point without entirely realising.
Lulzsec have claimed they’re not responsible for this one, which raises the alarming idea that there’s more than one group of people up to this kind of thing. SEGA have automatically reset everyone’s password already and taken the service offline for the time being, but if you’d signed up for one or some of their sites/games with login details you use for other stuff, you’d better go change everything. Again. You know the drill by now, right?
SECURITY ISSUE WITH THE SEGA PASS SYSTEM
LONDON, TOKYO & SAN FRANCISCO – (June 19th, 2011) – SEGA® Europe Ltd. has identified that unauthorized entry was gained to the SEGA Pass system and 1,290,755 customers’ information including SEGA Pass members name, email addresses, dates of birth and encrypted passwords were obtained.
We express our sincerest apologies to our customers for the inconvenience and concern caused by this matter. SEGA Pass is the service used to provide information about our new products to registered members and does not hold any customer financial information.
After the unauthorized entry was identified, we immediately stopped the SEGA Pass service and took emergency action to prevent further damage. This action included immediately contacting all our registered SEGA Pass users. We are now fully investigating the cause of the incident.
We have also examined the possibility of any other information loss from unauthorized access across our other services and can confirm there are no other verified incidents.
We will immediately report through the website of SEGA® Europe Ltd. (www.sega.com) should there be any further developments regarding this issue.
We deeply regret that such unauthorized access occurred. We will go on to further strengthen our network security as a priority issue and strive to prevent any potential recurrence.