Sega has confirmed that 1.3m users of its Sega Pass online network have had their personal information stolen, after the service was hacked last week. “We are deeply sorry for causing trouble to our customers” spokesperson Yoko Nagasawa told Reuters, ”we want to work on strengthening security.” Although credit card information is not among the looted haul, there’s plenty of information that could lead to phishing attempts or account hacks.
Names, birth dates and email addresses of registered users have been taken, along with their passwords, albeit with the latter in encrypted form. Although no fraudulent payments can be made, online services which rely on date of birth password resetting might be susceptible to unofficial access; users could also be at risk of brute force attacks where common passwords are tried against a known email address.
Sega Pass is currently offline, with a message on the site saying that it “is going through some improvements so is currently unavailable for new members to join or existing members to modify their details including resetting passwords.” No timeline for its restoration has been given, nor specific details about the steps Sega is taking to address the hack.
In a somewhat bizarre turn of events, hacking group LulzSec has denied responsibility for the break in and offered to hunt down those responsible. “We want to help you destroy the hackers that attacked you” the group tweeted, ”We love Dreamcast, these people are going down.”