LulzSec says it didn't do this one; offers to go after the bad guys
Hackers have infiltrated Sega Corp.'s Pass database and stolen names, birth dates, and email addresses of "a subset" of its customer base, the company said this weekend.
"We have identified that a subset of SEGA Pass members' email addresses, dates of birth, and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text," Sega said in a statement.
"Please note that no personal payment information was stored by Sega as we use external payment providers, meaning your payment details were not at risk from this intrusion," the statement says. "If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately."
Sega did not say how the database was breached. In news reports later confirmed by Sega, the total number of accounts compromised was calculated at approximately 1.3 million.
LulzSec, the hacker group that has claimed responsibility for a number of attacks on gaming company websites and databases in recent weeks, said it did not attack Sega.
"@Sega - contact us. We want to help you destroy the hackers that attacked you," LulzSec said on Twitter Friday. "We love the Dreamcast, these people are going down."
Vinnie Liu, a partner at the security consulting firm Stach & Liu, said Sega might be naive in its assertion that the stolen passwords are safe because they are encrypted.
"[Sega said] it'd take quite a while longer to expose an encrypted password than it would to expose a password that'd been stored in plain text," Liu noted. "This would be true if by 'quite a while longer' they mean 'a few seconds longer.' Using modern password brute-forcing tools, offline cracking of a password takes mere moments, and considering the quality of passwords that we've seen from the other breaches, I think a few seconds would be generous."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.