Hackers Snag 1.3 Million Sega Pass Accounts

Andy Chalk



The Sega Pass [http://www.sega.com/sega-pass/] hack that occurred last week appears to be more serious than originally thought, with as many as 1.3 million users affected by the attack.

Sega revealed in an email to its users last week that someone had made an "unauthorized entry" into its Sega Pass database. The company said that "a subset of Sega Pass members' email addresses, dates of birth and encrypted passwords were obtained," but emphasized that none of the lost passwords had been stored in plain text. Sega Pass was temporarily taken offline and the company recommended that people change their passwords but otherwise, in the grand scheme of recent events, it didn't appear to be an overly remarkable breach.

That was then, this is now, and it's starting to sound like things might be a bit worse than they initially appeared. Sega said yesterday that the names, birth dates, email addresses and encrypted passwords of 1.3 million customers had been stolen in the hack, a far cry from the 100 million or so who were caught in the PSN train wreck but still a mighty big boatload of people.

"We are deeply sorry for causing trouble to our customers," said Sega rep Yoko Nagasawa. "We want to work on strengthening security."

Yet as GamesIndustry [http://www.gamesindustry.biz/articles/2011-06-20-sega-was-hacked-after-post-psn-security-update] pointed out, Sega had already taken steps to evaluate and tighten its security systems in the wake of the PSN debacle. "We did a security audit as a result of [the PSN hack], which is probably six months earlier [than normal], and it was just a good housekeeping exercise. We made a couple of changes to some of our security systems. I'm sure most people have done exactly the same," Sega West CEO Mike West said last month. "Fortunately we seemed pretty solid so we didn't have to do too many additional changes."

It's not yet known who actually committed the attack, or when Sega Pass will be back online.

Source: Joystiq [http://www.reuters.com/article/2011/06/19/us-sega-hackers-idUSL3E7HJ01520110619]


 

Sixties Spidey

In before Lulzsec accusations. Hopefully shit like this will send a message to the industry and protect themselves better from hack attacks.
 

imnot

buy teh haloz said:
In before Lulzsec accusations. Hopefully shit like this will send a message to the industry and protect themselves better from hack attacks.
Well fuck, anyhow I bet it was those crazy bastards.
 

Micah Weil

This is...starting to become a bit uncomfortable, actually. It's gone from "D'aww, ain't that cute" to "...okay, seriously. You're starting to become a bit scary."
 

deth2munkies

I actually did not know I HAD a Sega Pass account until I got the e-mail from them about this last week...
 

NLS

Doubt it was LulzSec, as they haven't mentioned anything on their twitter about it. (plus I think they liked SEGA (or was it just Nintendo?))
 

Onyx Oblivion

I'm sorry to ask this...

But WTF is "SEGA Pass"?

I don't recall finding an "online pass" in my Vanquish last fall.

Anyway, this hacking going on everywhere is insane.
 

Baresark

I mean, no one should store stuff like that online. That much is painfully obvious. I remember in the fledgling days of the internet, a lot of people, including myself, never actually entered real information. Everything changed when you actually had to put real information to match billing options and what not, but I basically went back to that. You can't stop these attacks, if someone wants in, they will get in. It's like a car lock. Security is a deterrent, but if someone wants something in that car bad enough, they are just going to break in and take it.

Painfully, we are one step closer to the government stepping in now. It wouldn't even be an issue if companies were bombarding everyone with advertising all the time, no one could sell these things if no one would buy them. The supply simply grows to meet the demand.
 

Baresark

NLS said:
Doubt it was LulzSec, as they haven't mentioned anything on their twitter about it. (plus I think they liked SEGA (or was it just Nintendo?))
Haha, they do it for lulz. So it's most likely not them. I mean, previously, they have never stolen anything. But, now let's watch the huge influx of lulzsec accusations, and maybe a few Anon accusations, it'll be fun. They pretty much like companies that don't treat their customers like shit, so Sega and Nintendo are likely both safe, but if I were to have a hitlist of companies to hack for fun, it would go something like:

Sony
Microsoft
EA
Activision
Ubisoft
THQ
ETC......

You get my meaning I'm sure. Some of these have already been hit, but I mean, those are the companies that treat their customers like trash on a regular basis, at least the ones that come immediately to mind.
 

Yukinari

What else is new. I'm pretty sure this year is the year of the hacker. Anyone who hacks has good fortune and still isn't being caught by the government.
 

Grufflenark

buy teh haloz said:
In before Lulzsec accusations. Hopefully shit like this will send a message to the industry and protect themselves better from hack attacks.
I was gonna write
Probably Lulzsec again.
 

Grufflenark

Baresark said:
NLS said:
Doubt it was LulzSec, as they haven't mentioned anything on their twitter about it. (plus I think they liked SEGA (or was it just Nintendo?))
Haha, they do it for lulz. So it's most likely not them. I mean, previously, they have never stolen anything. But, now let's watch the huge influx of lulzsec accusations, and maybe a few Anon accusations, it'll be fun. They pretty much like companies that don't treat their customers like shit, so Sega and Nintendo are likely both safe, but if I were to have a hitlist of companies to hack for fun, it would go something like:

Sony
Microsoft
EA
Activision
Ubisoft
THQ
ETC......

You get my meaning I'm sure. Some of these have already been hit, but I mean, those are the companies that treat their customers like trash on a regular basis, at least the ones that come immediately to mind.
THQ isn't too bad.
Activision not hacked = pure luck.

Edit: Also derp double post.
 

fundayz

There's over 1 million Sega accounts?!!

Baresark said:
Ubisoft
THQ

You get my meaning I'm sure. Some of these have already been hit, but I mean, those are the companies that treat their customers like trash on a regular basis, at least the ones that come immediately to mind.
I've never been treated badly by either of these two companies...
 

Baresark

Grufflenark said:
Baresark said:
THQ isn't too bad.
Activision not hacked = pure luck.

Edit: Also derp double post.
Haha, I find it hard to believe they weren't top on the list. It's extreme luck.

fundayz said:
There's over 1 million Sega accounts?!!

Baresark said:
Ubisoft
THQ

You get my meaning I'm sure. Some of these have already been hit, but I mean, those are the companies that treat their customers like trash on a regular basis, at least the ones that come immediately to mind.
I've never been treated badly by either of these two companies...
Ubisoft screwed its customers with ridiculous DRM, in specific reference to AssCreed 2. They seemed to have fixed it though (I think). THQ did something recently... but I am actually drawing a blank... so, I take back what I said about THQ. Now that I think about it, they did the Warhammer 40k games, and I don't have any complaints about them one bit. They even did away with using GFWL, which is a big stroke in their favor.

Ubisoft -
Ubisoft had, for a time, used the controversial StarForce copy protection technology that installs drivers on a system and is known to cause some hardware problems and compatibility issues with certain operating systems[citation needed], starting with the game Tom Clancy's Splinter Cell: Chaos Theory, which was not compatible with Windows XP Professional x64 Edition for quite some time, until a patch was released by the makers of StarForce.[citation needed] On 14 April 2006, Ubisoft confirmed that they would stop using StarForce on their games, citing complaints from customers.[38]
In the February 2008 issue of Electronic Gaming Monthly (EGM), Editor-in-Chief Dan "Shoe" Hsu asserted that Ubisoft had ceased to provide all Ubisoft titles to the EGM for any coverage purposes as a result of prior critical previews and negative reviews.[39][40]
Yves Guillemot, the CEO of Ubisoft, was quoted in the company's third-quarter 2008-09 sales report as saying "as some of our games did not meet the required quality levels to achieve their full potential, they need more sales promotions than anticipated."[41]
In January 2010, Ubisoft has announced the Online Services Platform, which forces customers to not only authenticate on the first game launch, but to remain online continually while playing, with the game even pausing if network connection is lost. This makes it impossible to play the game offline, to resell it, and means that should Ubisoft's servers go down, the game will be unplayable.[42] In February 2010, review versions of Assassin's Creed II and Settlers 7 for PC contained this new DRM scheme, confirming that it is already in use, and that instead of pausing the game, it would discard all progress since the last checkpoint or save game.[43] However, subsequent patches for Assassin's Creed 2 allow the player to continue playing once their connection has been restored without lost progress.[44] In March 2010 outages to the Ubisoft DRM servers were reported, causing about 5% of legitimate buyers to be unable to play Assassin's Creed 2 and Silent Hunter 5 games.[45][46] Ubisoft initially said this was the result of the number of users attempting to access their servers to play, however Ubisoft later claimed that the real cause of the outages were denial-of-service attacks.[45][46][47]
The company's use of Aaron Priceman, also known as Mr. Caffeine, as a spokesman at E3 2011 was criticized for its reliance on witty remarks, sexual innuendos and imitations of video game sound effects with little to no response from the audience.
 
Apr 28, 2008
14,634
0
0
I forgot to change my SEGA pass password after the PSN hack. So the hackers got my old, no-longer-good password.

Phwew, dodged a bullet there...
 
Apr 28, 2008
14,634
0
0
Baresark said:
Ubisoft screwed its customers with ridiculous DRM, in specific reference to AssCreed 2. They seemed to have fixed it though (I think).
If by "fix" you mean "can disconnect net while playing, but still need to authenticate the game every time you start it up" then yes, they "fixed" it.

Fuck Ubisoft. They didn't fix it, they're just screwing you slightly less harder. And they're still screwing you pretty hard.
 

Gennadios

NLS said:
Doubt it was LulzSec, as they haven't mentioned anything on their twitter about it. (plus I think they liked SEGA (or was it just Nintendo?))
After the Streets of Rage Remake fiasco, I doubt lulzsec would have much of a soft spot for SEGA.

Has anyone noticed that there hadn't been any recent high profile MMO hackings? MMO developers have had decades of experience and can cover their asses, if companies insist on having their BS user accounts for everything they release nowadays, time to start securing them like MMO accounts.