Sega Pass System Hacked, Company Informs Customers

June 17, 2011 -

According to a letter posted by our very own E. Zachary Knight at his personal website ezknight.net, Sega has been hacked, and the scope and scale of the security breach seems to be grand in nature. According to the email from Sega, the company was forced to take down its "Sega Pass System" yesterday after it identified that an "unauthorized entry" had occurred with the system's user database.

A "subset" of SEGA Pass members' emails addresses, dates of birth and encrypted passwords were  stolen during that intrusion, says Sega. Thankfully, no credit card or other personal financial information was stolen, and Sega stressed that the stolen data was encrypted and not in "plain text" format.

The usual warnings come with the email: change your password and watch out for any suspicious emails that might ask you to divulge further information. As a rule companies do not ask users to provide personal information within emails.

The full letter can be found below:

Dear XXXX,

As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June.

Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.

We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.

Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.

If you use the same login information for other websites and/ or services as you do for SEGA Pass, you should change that information immediately.

We have also reset your password and all access to SEGA Pass has been temporarily suspended.

Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.

Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.

We sincerely apologise for this incident and regret any inconvenience caused.

We are contacting all our members with these recommendations.

If you have any further questions please contact SEGA customer support on: mailto:csescalations@sega.com

Thanks to E. Zachary Knight and Andrew Eisen for the tips.


 
Forgot your password?
Username :
Password :

Poll

Did you get a new video game for Christmas?:

Shout box

You're not permitted to post shouts.
Matthew WilsonI meant from a organizational pov end users get it in contract, but any site that would want to use it for 2 factor would have to pay alot of money12/27/2014 - 5:35pm
IanCSMS is expensive? In what country? I get something stupid a month on my contract. I think it might even be unlimited.12/27/2014 - 5:32pm
Matthew WilsonI am still amazed that 2 factor authentication has not become the norm yet. I get sms is expensive, but Google authanacator api is free for any website to use.12/27/2014 - 5:11pm
PHX Corphttp://techcrunch.com/2014/12/27/anonymous-leaked-a-massive-list-of-passwords-and-credit-card-numbers/ Guys change your passwords: Anonymous Leaked A Massive List Of Passwords And Credit Card Numbers12/27/2014 - 3:25pm
Matthew WilsonThis is impressive video editing. basketball tricks with a basketball. https://www.youtube.com/watch?v=OhCQeFX9GSg#t=18112/27/2014 - 2:01pm
MaskedPixelanteDude was at the center of a pretty serious plagiarism scandal back in 2011, and it was widely known he ripped off other musical pieces well before that.12/27/2014 - 9:33am
Kajex@Masked Right, because his work actually composing music for several Metroid games necessitated plagiarism.12/27/2014 - 9:04am
MaskedPixelanteI can't believe Kenji Yamamoto got another job. Then again, his job on Smash was "musical arrangment", so copying other people's work is right up his alley.12/26/2014 - 9:31pm
Matthew Wilsonthe company that hosts it is a cyber security firm, and from what I understand it is the data they they see just shown publicly.12/26/2014 - 8:22pm
Wonderkarpa question about that website, Matthew...how does it know its a cyberattack or not12/26/2014 - 8:06pm
Matthew Wilsonfor those intreasted in seeing cyber attacks in real time check out this site. http://map.ipviking.com/12/26/2014 - 7:51pm
PHX Corp@MP you can add me on XBL and Nintendo Network if you want, I go under TrustyGem(Same gamertag as on Steam)12/26/2014 - 2:01pm
CMinerI blame North Korea.12/25/2014 - 11:49pm
MechaTama31For the last few weeks, the GP site fails to load about 2/3 of the times I try.12/25/2014 - 11:13pm
MaskedPixelanteOK, is GP having trouble loading for anyone but me?12/25/2014 - 9:21pm
Matthew Wilsonits a bunch of script kiddies. ddosing is one of the easiest thing to do,and most companies can not stop it sadly.12/25/2014 - 5:05pm
MaskedPixelanteI like Nintendo as much as the next person, they're pretty much the only company putting out the games I want to play, but that was pretty embarassing to have NNID go down due to overuse.12/25/2014 - 4:35pm
MaskedPixelanteSee? It's NOT a repeat of last year's fiasco.12/25/2014 - 4:22pm
PHX CorpLizard squad is responsible for The XBL/PSN shutdown https://www.youtube.com/watch?v=QSpZvsoWvig12/25/2014 - 4:17pm
IanCOh shut up bitching about Nintendo. At least they advised people to downloading updates before the big day. Sony/MS? Not a peep.12/25/2014 - 3:50pm
 

Be Heard - Contact Your Politician