Sega Network Joins the Hacked and Humbled

The hacker community appears to be divided over a break-in suffered last week by Sega’s database.

The hack reportedly led to the theft of the emails, addresses, dates of birth and encrypted passwords of about 1.3 million members of the Sega Pass online network.

This led hacker group LulzSec, whose victims range from Sony to the FBI and the CIA, to threaten retribution against the culprits.

Sega took the system offline last week after the hack. It said the victims’ personal payment information was not at risk as it uses external payment providers.

Further, Sega has reset the passwords of the system’s members and suggested they change their login information for other sites if they use the same information as they did on the Sega network.

LulzSec tweeted an invitation to Sega to contact the group for help in retaliating against the hackers.

The brouhaha among the hacker communities appears to be a battle for bragging rights, suggested Mike Paquette, chief strategy officer at Corero Network Security.

“This pledge of reaction to the Sega attack … seems to follow the ideology of exposing other security experts as having less expertise than they claim,” Paquette told TechNewsWorld.

About the Sega Hack

In its disclosure of the hack, Sega warned members of the Sega Pass network to be wary of suspicious emails that ask for personal and sensitive information.

It also asked members not to try to log on to the network, and it pledged to inform them when it’s up again.

Checks of Sega’s blog and forums site on Monday morning found both had been shut down “for maintenance,” although Sega’s e-store is still open.

“The site’s down so it has affected them, though as far as I can tell, no credit card information was taken,” Lewis Ward, a research manager at IDC, told TechNewsWorld. “I’d say it’ll be an ongoing nuisance until more secure services are restored.”

The Sega hack is far smaller in scope than the hack into Sony’s network, and far less information was taken, Ward said.

“I assume Sega services will be back online in less time than it took Sony to resume their services, but it’s too early to say how much damage has been done,” Ward surmised.

Long Since the Days of Genesis

Sega, which used to manufacture home video game consoles under its own brand, stopped doing so in 2001 to focus on its arcade game hardware and software business, and to develop game software for consoles from other manufacturers.

It now makes video games for the PlayStation 3, PlayStation Portable, PlayStation Network, Xbox 360, Xbox Live, Kinect, the Nintendo DS, the Wii, WiiWare and the iPhone and iPad, as well as for PCs.

“They’re clearly in the top 20 of the most important global video game developers and publishers,” IDC’s Ward said.

Sega uses the Sega Pass network to distribute free content to customers, including demos, mini-games and a newsletter.

The company sells some online content and games through Sega Pass, which it also uses for marketing, Ward stated.

Security and Sega

Shutting down the Sega Pass network “has serious consequences for the company,” and shows it’s taking the hack seriously, Corero’s Paquette said.

Perhaps Sega’s move was the result of lessons learned from Sony’s response to the hack on its website. Sony did not disclose news of the attack for some time, sparking customers’ anger and leading to questions from Congress.

LulzSec’s vow of retribution against the hackers who cracked the Sega Pass network was likely a move to establish the hacker group’s ranking as security elites, Paquette opined.

However, there could also be more personal motives.

“It’s possible that personal affinity for Sega games by some individuals within groups such as LulzSec might elicit such a response,” Paquette suggested.

More by Richard Adhikari