Sunday, June 19, 2011

Hackers Halt Sega Pass

Sega Pass online gaming fell prey to a cyber attack on Friday that netted the hackers over 1 million user names and passwords. According to Sega, no credit card data was stored on the breached server because the company uses an outside company for its payment gateway.

This attack is the latest in what seems to be an all-out declaration of war from the cyber underground. Sega joins Sony, the CIA and numerous other data and gaming websites that have been forced to shut down their sites and services because of external server breaches.

Presently the Sega Pass website has this message: "Hi SEGA Pass is going through some improvements so is currently unavailable for new members to join or existing members to modify their details including resetting passwords. We hope to be back up and running very soon. Thank you for your patience."

So far no one has taken credit for the hack. LulzSec, which has claimed responsibility for the Sony and CIA breaches, tweeted a staunch denial of the Sega hack, stating their love for Dreamcast and their willingness to locate and take down the offenders as proof they're innocent.

The Sega Pass website displays the privacy banner "ESRB Certified," which in turn links to a privacy policy that says "the storage of data is on secure servers or computers inaccessible by modem." I guess the hackers hired the Amazing Kreskin or used a crystal ball, so they just willed the data into their possession.

The lesson everybody should learn from this is that claiming security and actually providing security are two different things. Any company or person using SQL databases is vulnerable to the good old injection code method of database stealing, and until that issue is fixed there will be a lot more data swiping and wiping going on. Doesn't anyone encrypt their stored data? Why did Microsoft make a big deal about "BitLocker" if no one bothers to use it?
