Close
Are you sure? Are you sure you want to report this comment? I understand, report it. Cancel

SEGA was hacked after post-PSN security update

Mon 20 Jun 2011 9:17am GMT / 5:17am EDT / 2:17am PDT
Publishing

Changes made in wake of Sony breach failed to protect customer data

The hack that has compromised the personal details of 1.3m SEGA users happened after the company had already tightened security in the wake of the PSN breach.

The company promised over the weekend to "further strengthen [its] network security as a priority," as a result of last week's attack. But "additional changes" had already been made to internal security as a direct response to the assault that brought down Sony's online services, affecting 100m users.

Speaking last month, SEGA West CEO Mike Hayes told GamesIndustry.biz: "We did a security audit as a result of this, which is probably six months earlier [than normal], and it was just a good housekeeping exercise. We made a couple of changes to some of our security systems. I'm sure most people have done exactly the same."

Hayes acknowledged that the PSN hack had been "an interesting wake up call for all of us," adding: "Fortunately we seemed pretty solid so we didn't have to do too many additional changes."

However, on June 17 SEGA issued a statement to customers confirming its security had been bypassed: "Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

"We immediately took the appropriate action to protect our consumers' data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems."

The publisher confirmed that, while no financial information was stored, "email addresses, dates of birth and encrypted passwords were obtained."

This latest breach raises questions over the scope and implementation of SEGA's internal security review, and will cause further concern for the industry, which has seen companies and services including Codemasters, Bethesda, EVE Online and Minecraft targeted by hackers in recent weeks.

In a statement last week to sister publication Eurogamer, SEGA acknowledged: "The protection of data is an evolving process, as new defences are created so new threats emerge. We will make all improvements necessary as a result of this intrusion."

Speaking on the PSN hack last month, Hayes said: "I think it will just be seen in two or three months as a memory. We just have nothing but sympathy for Sony, because we don't care who you are, you don't want that sort of thing to happen.

"Corporations have problems, they all have problems, but once they're sorted out people just want to get back into gaming."

The SEGA Pass service remains offline while the publisher conducts an investigation.

6 Comments

Andrew Jakobs
Lead Programmer

208 73 0.4
That's the problem with internet security, it's almost impossible to secure it so no breach can happen. Systems get more and more complicated, and hackers always find new flaws/exploits. And as you can see from this breach, a security audit doesn't find all the problemspots..

Posted:2 years ago

#1

Josiah Jackson
3D Game Artist

3 0 0.0
Any system can be exploited; unfortunately the laws have not advanced at the same rate as technology.

Posted:2 years ago

#2

Shane Sweeney
Academic

329 211 0.6
Except all the attacks by LulzSec were of a completely simplistic nature. These arent complex systems being exploited. If your site is vulnerable to SQL injection the bare minimum level of security hasn't been reached.

http://xkcd.com/327/

If your company site is vulnerable to that kind of attack its probably best you don't have a website. And if you hold peoples personal data and are vulnerable to this kind of attack, the company should be held accountable; breach or no breach.

Edited 1 times. Last edit by Shane Sweeney on 20th June 2011 10:52pm

Posted:2 years ago

#3
Its skynet, only John Connor can save us now.

Posted:2 years ago

#4
Sorry Andy, there's nowt I can do :D

Posted:2 years ago

#5
hahahaha, brilliant!

Posted:2 years ago

#6

Login or register to post

Take part in the GamesIndustry community

Register now