Sega warns of Sega Pass hacking, theft of e-mail addresses, birth dates, encrypted passwords

sega-logoUPDATE: Lulz Security sent out a tweet on Friday which suggests that it had nothing to do with the Sega attack. The tweet reads: “@Sega – contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.” Thanks to BBC for the heads-up.

While hacker group Lulz Security claims that it is acting in all of our best interests with its recent actions, the rash of high-profile network intrusions that has washed over the Internet since the April Sony attack continues. The latest target is another video game company, Sega, which confirmed confirmed in an e-mail to users that its gaming forums and press sites have been breached, reports.

“As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June,” the Friday e-mail reads. “We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.”

Sega doesn’t store payment information, so your credit card information is safe. The e-mail goes on to reveal that user e-mail addresses and dates of birth were obtained by the hackers, as well as encrypted passwords. “To stress, none of the passwords obtained were stored in plain text,” Sega adds.

The Sega Pass websites remain offline now, displaying a message that says the site “is going through some improvements so is currently unavailable for new members to join or existing members to modify their details including resetting passwords.” No mention is made of the intrusion, but you can bet that those improvements relate to security. No one has yet taken any credit for the attack.

Not that it matters. The Sony attack happened on a much larger scale, but reports such as this one have become an almost daily occurrence since then. The “who” isn’t as important — for the average user, that is — as the “why” and “what happens next?” at this point.

Those that have been attacked obviously have some work to do, but for most of us, the only option is to sit back and wait to see what gets hit next, and how badly. It’s a stressful time to have an online identity. Attacking consumers is the surest way to grab attention — we are, after all, the ones who sustain these companies — but it’s frustrating to know that all we can do is hope that the actions of groups like LulzSec and Anonymous really are motivated by a desire to do nothing more than foster change.