SEGA was hacked after post-PSN security update

Changes made in wake of Sony breach failed to protect customer data

The hack that has compromised the personal details of 1.3m SEGA users happened after the company had already tightened security in the wake of the PSN breach.

The company promised over the weekend to "further strengthen [its] network security as a priority," as a result of last week's attack. But "additional changes" had already been made to internal security as a direct response to the assault that brought down Sony's online services, affecting 100m users.

Speaking last month, SEGA West CEO Mike Hayes told "We did a security audit as a result of this, which is probably six months earlier [than normal], and it was just a good housekeeping exercise. We made a couple of changes to some of our security systems. I'm sure most people have done exactly the same."

Hayes acknowledged that the PSN hack had been "an interesting wake up call for all of us," adding: "Fortunately we seemed pretty solid so we didn't have to do too many additional changes."

However, on June 17 SEGA issued a statement to customers confirming its security had been bypassed: "Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

"We immediately took the appropriate action to protect our consumers' data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems."

The publisher confirmed that, while no financial information was stored, "email addresses, dates of birth and encrypted passwords were obtained."

This latest breach raises questions over the scope and implementation of SEGA's internal security review, and will cause further concern for the industry, which has seen companies and services including Codemasters, Bethesda, EVE Online and Minecraft targeted by hackers in recent weeks.

In a statement last week to sister publication Eurogamer, SEGA acknowledged: "The protection of data is an evolving process, as new defences are created so new threats emerge. We will make all improvements necessary as a result of this intrusion."

Speaking on the PSN hack last month, Hayes said: "I think it will just be seen in two or three months as a memory. We just have nothing but sympathy for Sony, because we don't care who you are, you don't want that sort of thing to happen.

"Corporations have problems, they all have problems, but once they're sorted out people just want to get back into gaming."

The SEGA Pass service remains offline while the publisher conducts an investigation.

Latest comments (6)

Andrew Jakobs Lead Programmer 6 years ago
That's the problem with internet security, it's almost impossible to secure it so no breach can happen. Systems get more and more complicated, and hackers always find new flaws/exploits. And as you can see from this breach, a security audit doesn't find all the problem spots.
Josiah Jackson 3D Game Artist 6 years ago
Any system can be exploited; unfortunately the laws have not advanced at the same rate as technology.
Shane Sweeney Academic 6 years ago
Except all the attacks by LulzSec were of a completely simplistic nature. These aren't complex systems being exploited. If your site is vulnerable to SQL injection the bare minimum level of security hasn't been reached.

If your company site is vulnerable to that kind of attack it's probably best you don't have a website. And if you hold people's personal data and are vulnerable to this kind of attack, the company should be held accountable; breach or no breach.

Edited 1 times. Last edit by Shane Sweeney on 20th June 2011 10:52pm

Andy Russell Programmer, Blitz Games Studios 6 years ago
It's Skynet, only John Connor can save us now.
Sorry Andy, there's nowt I can do :D
Andy Russell Programmer, Blitz Games Studios 6 years ago
hahahaha, brilliant!