The Sega Pass hack that occurred last week appears to be more serious than originally thought, with as many as 1.3 million users affected by the attack.
Sega revealed in an email to its users last week that someone had made an “unauthorized entry” into its Sega Pass database. The company said that “a subset of Sega Pass members email addresses, dates of birth and encrypted passwords were obtained,” but emphasized that none of the lost passwords had been stored in plain text. Sega Pass was temporarily taken offline and the company recommended that people change their passwords but otherwise, in the grand scheme of recent events, it didn’t appear to be an overly remarkable breach.
That was then, this is now, and it’s starting to sound like things might be a bit worse than they initially appeared. Sega said yesterday that the names, birth dates, email addresses and encrypted passwords of 1.3 million customers had been stolen in the hack, a far cry from the 100 million or so who were caught in the PSN train wreck but still a mighty big boatload of people.
“We are deeply sorry for causing trouble to our customers,” said Sega rep Yoko Nagasawa. “We want to work on strengthening security.”
Yet as GamesIndustry pointed out, Sega had already taken steps to evaluate and tighten its security systems in the wake of the PSN debacle. “We did a security audit as a result of [the PSN hack], which is probably six months earlier [than normal], and it was just a good housekeeping exercise. We made a couple of changes to some of our security systems. I’m sure most people have done exactly the same,” Sega West CEO Mike West said last month. “Fortunately we seemed pretty solid so we didn’t have to do too many additional changes.”
It’s not yet known who actually committed the attack, or when Sega Pass will be back online.