Security Bytes

Jun 21 2011   1:18PM GMT

Sega breach affects more than one million

Robert Westervelt Robert Westervelt Profile: Robert Westervelt

Breach is part of a string of high profile attacks targeting gaming networks and other websites. Experts say enterprises should assess their basic security defenses.

Sega Corp. has warned its customers of a major breach of its systems which had exposed the personal information of users of its Sega Pass gaming network.

The gaming giant took its network offline June 16 when it detected a breach of its systems. In an email to users, the company said the exposed data included names, email addresses, and dates of birth of about one million users of its gaming platform.

“We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text,” the company said in a statement posted to its website. “If you use the same login information for other websites and/ or services as you do for SEGA Pass, you should change that information immediately.”

A company spokesperson told Reuters that the breach affected 1.3 million users. Sega has not explained how its network was breached.

The breach is one in a string of high profile data breaches that have plagued a number of enterprises. The successful attacks have highlighted many basic security lapses. Web application vulnerabilities continue to plague even the most popular websites. For example, a Citigroup breach reportedly involved a fairly common business logic vulnerability, which enabled the attacker to alter the URL to access other accounts. That breach affected more than 200,000 customers. SQL injection and cross-site scripting errors continue to be problematic, experts say. In addition, organizations are failing to analyze the location of sensitive data to put appropriate security layers in place.

Sony has been bolstering its systems after a spate of data breaches to its various networks resulting in exposure of sensitive information on as many as 100 million users. The breach affected millions of users of its PlayStation Network. Sony took its gaming network down for nearly a month after detecting the attack. The scope of the breach was later expanded to other websites that are part of its Online Entertainment division. Sony discovered a cache of outdated credit card data stored on a server, which was exposed during the breach.

A hacker group called LulzSec, which communicates its attacks via Twitter, has been targeting the websites of enterprises and government agencies. The hacktivist group reportedly claimed responsibility for the Sony breach but said it had no involvement in the Sega attack. The group claims to have breached the websites of the FBI, CIA and PBS, among others.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: