Sega, the latest victim of hackers, has confirmed on Saturday that personal data of 1.29 million customers was stolen. Just a day before, Sega announced that they had identified that unauthorized entry was gained to their SEGA Pass database, accessing customers' names, e-mail addresses, dates of birth and encrypted passwords. Sega immediately isolated the location of the breach to protect the data, and launched an investigation.
According to a company statement, SEGA Pass was illegally accessed from outside and personal information of all 1,290,755 customers of the service... were brought outside of the system.
Sega continued to emphasize the safety of payment information, such as credit card numbers, claiming that no personal payment information was stored by SEGA who uses external payment providers, meaning your payment details were not at risk from this intrusion.
The hacking was done only in Japanese on the Japanese website. For English language users, the only influence is the temporary shutdown of SEGA Pass service. SEGA Pass is going through some improvements so is currently unavailable for new members to join or existing members to modify their details including resetting passwords. We hope to be back up and running very soon, stated the website.
We express our sincerest apologies to our customers for the inconvenience and concern caused by this matter. Sega Pass is the service used to provide information about our new products to registered members and does not hold any customer financial information, the company said in a statement.
We are deeply sorry for causing trouble to our customers. We want to work on strengthening security, Yoko Nagasawa, a Sega spokeswoman told Reuters.
It is in such a time Sega found a friend among the enemy circle.
LulzSec, the hacker group involved in a number of high-profile attacks against Sony, PBS, Fox.com, the US Senate, the CIA, EVE Online, Minecraft and League of Legends, and Sega competitor Nintento, has denied involvement in the Sega hack, and instead expressed support to take revenge against the hackers. Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down, the hacker group tweeted after Sega's announcement.
According to a recent press release from LulzSec, the hacker group is doing a favor to internet users by releasing the data, instead of keeping them hidden.
Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game, the release stated. What makes you think a hacker isn't silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.
And that's what you should be fearful of, LulzSec claimed, not us releasing things publicly, but the fact that someone hasn't released something publicly.
We're sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, completely unaware of a breach.
By going public about their hacking activities, LulzSec appeals to be benign and free from political interest, unlike its rival group Anonymous. While the tension between LulzSec and Anonymous seems to rise, both groups denied the war. Saying we're attacking Anonymous because we taunted /b/ is like saying we're going to war with America because we stomped on a cheeseburger, LulzSec tweeted, while Anonymous tweeted the same day, We are NOT at war with LulzSec.
Sega has not identified who is responsible for the SEGA Pass breach. Can it be Anonymous, or some new hacker group that wants to enter the war field? Before Sega's investigators, we may hear earlier from LulzSec who's set to hunt down the Sega hackers.