Sega online pass database compromised - wtf?

mystic86

Hi all,

not sure if this is the right section...

did ye hear about the Sega online pass database being compromised??

all well and good (well, not good) until I received a generic type email from SEGA telling customers about the problem...

but you see, I don't own any sega online pass that I know of.. I'm very confused

the email also started Dear John... my name isn't John.

jaykhunter

sounds like a phishing scam. can u post the message? (omit ur email of course lol)

mystic86

sounds legit:

Dear John,

As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June.

Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.

We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.

Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.

If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately.

We have also reset your password and all access to SEGA Pass has been temporarily suspended.

Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.

Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.

We sincerely apologise for this incident and regret any inconvenience caused.

We are contacting all our members with these recommendations.

If you have any further questions please contact SEGA customer support on csescalations@sega.com

Antar Bolaeisk

It is legit, RPS have a notice about it. Problem is, what games does this affect? I think I'm still okay but I think that Spiral Knights F2P game was Sega and I'm afraid I might be on the list.

Gunmonkey

SEGA has a site where you can download Megadrive games, similar to the Steam incarnations. Was tempted since they gave away a USB Saturn pad if you spent $20 or more on it. About the only SEGA online thing I can think of.

caspa307

if you evver paid the sega megadrive collection on ps3 or xb360 thats used a sega pass

richymcdermott

So thats now

Sega
Nintendo
Sony
Bioware
Codemasters
Epic games
Bethesda
Eidos

Looks like someone out for vendetta or just for lulz

johnny_ultimate

richymcdermott wrote: »

Looks like someone out for vendetta or just for lulz

The 'lulzsec' monkier might suggest the latter.

calex71

I said in another thread they really need to be teaching e-security / awareness in schools these days, simple things not being lazy and using the same log in over multiple sites etc.

However, companies need to be hit hard for these failings, the attitude seems to be "ah sure we're fixing it now what more do you want" among them :mad:

Even ones that have their databases encrypted have been using MD5 which has been known in the industry to be broken for several years now. While it's better than nothing, I think I have the right to demand more for my personal data.

grizzly

For added security you can use google to create alerts for when one of your email addresses are used online.