Sega Corp. Hacked; More Than A Million Users May Be Affected

LulzSec says it didn't do this one; offers to go after the bad guys

Dark Reading Staff, Dark Reading

June 21, 2011

2 Min Read

Hackers have infiltrated Sega Corp.'s Pass database and stolen names, birth dates, and email addresses of "a subset" of its customer base, the company said this weekend.

"We have identified that a subset of SEGA Pass members' email addresses, dates of birth, and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text," Sega said in a statement.

"Please note that no personal payment information was stored by Sega as we use external payment providers, meaning your payment details were not at risk from this intrusion," the statement says. "If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately."

Sega did not say how the database was breached. In news reports later confirmed by Sega, the total number of accounts compromised was calculated at approximately 1.3 million.

LulzSec, the hacker group which has claimed responsibility for a number of attacks on gaming company websites and databases in recent weeks, said it did not attack Sega.

"@Sega - contact us. We want to help you destroy the hackers that attacked you," LulzSec said on Twitter Friday. "We love the Dreamcast, these people are going down."

Vinnie Liu, a partner at the security consulting firm Stach & Liu, said Sega might be naive in its assertion that the stolen passwords are safe because they are encrypted.

"[Sega said] it'd take quite a while longer to expose an encrypted password than it would to expose a password that'd been stored in plain text," Liu noted. "This would be true if by 'quite a while longer' they mean 'a few seconds longer.' Using modern password brute-forcing tools, offline cracking of a password takes mere moments, and considering the quality of passwords that we've seen from the other breaches, I think a few seconds would be generous."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights