Posted by: Robert Westervelt
Data Breaches and Identity Theft, Web application security, website vulnerabilities
Breach is part of a string of high-profile attacks targeting gaming networks and other websites. Experts say enterprises should assess their basic security defenses.
Sega Corp. has warned its customers of a major breach of its systems that exposed the personal information of users of its Sega Pass gaming network.
The gaming giant took its network offline June 16 when it detected a breach of its systems. In an email to users, the company said the exposed data included names, email addresses, and dates of birth of about one million users of its gaming platform.
“We have identified that a subset of SEGA Pass members' email addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text,” the company said in a statement posted to its website. “If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately.”
A company spokesperson told Reuters that the breach affected 1.3 million users. Sega has not explained how its network was breached.
The breach is one in a string of high-profile data breaches that have plagued a number of enterprises. The successful attacks have highlighted many basic security lapses. Web application vulnerabilities continue to plague even the most popular websites. For example, a Citigroup breach reportedly involved a fairly common business logic vulnerability, which enabled the attacker to alter the URL to access other accounts. That breach affected more than 200,000 customers. SQL injection and cross-site scripting errors continue to be problematic, experts say. In addition, organizations are failing to analyze where their sensitive data resides so that they can put appropriate security layers in place.
Sony has been bolstering its systems after a spate of data breaches across its various networks that exposed sensitive information on as many as 100 million users. The breach affected millions of users of its PlayStation Network. Sony took its gaming network down for nearly a month after detecting the attack. The scope of the breach was later expanded to other websites that are part of its Online Entertainment division. Sony discovered a cache of outdated credit card data stored on a server, which was exposed during the breach.
A hacker group called LulzSec, which communicates its attacks via Twitter, has been targeting the websites of enterprises and government agencies. The hacktivist group reportedly claimed responsibility for the Sony breach but said it had no involvement in the Sega attack. The group claims to have breached the websites of the FBI, CIA and PBS, among others.