Forums Offline, Company Confirms Personal But Not Financial Data Stolen
Today, Sega became a part of the rash of Internet hacking that has plagued the world in recent weeks.
Several users of both the Sega Pass service and the Sega forums, which utilizes Sega Pass, have received E-mails from the company that state the service has been offline since late yesterday, and that “a subset” of accounts on the service were compromised. It is not clear exactly how many accounts were affected.
Compromised account data included E-Mail addresses, dates of birth, and encrypted passwords. Sega stressed no passwords are stored as plain text, and also stressed no financial information was compromised in the case of Sega Pass, as that is stored with a third party.
As of this article’s publication, the Sega forums are down for maintenance, and users are asked not to login to their accounts.
UPDATE: The Twitter account for the loosely banded group of hackers known as LulzSec, themselves responsible for several other Internet hacks of late, has issued a short statement distancing themselves from this particular incident, and even offering to track down whoever is responsible:
@Sega – contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.
One of our News Tipsters, xTwoTails, received this E-Mail from Sega explaining the situation, and we have it below. If you’ve received this message, it means your account has been compromised, and it likely means you have to change your passwords to protect yourself.
We will have more on this developing story as it becomes available.
As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June.
Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.
We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.
We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.
Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.
If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately.
We have also reset your password and all access to SEGA Pass has been temporarily suspended.
Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.
Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.
We sincerely apologise for this incident and regret any inconvenience caused.
We are contacting all our members with these recommendations.