LulzSec offers aid to Sega after network breach

Sega became another victim of a network breach during this week, with the Japanese company having sent information to users of their 'Sega Pass' service, to inform them that "unauthorized entry was gained" to the Sega Pass database, though the company is currently attempting to investigate the incident. As CNET points out, the information following was posted on PlayStation Lifestyle, as information apparently sent out to Sega Pass users. It reads:

"We have identified that a subset of Sega Pass members' e-mails addresses, dates of birth, and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text. Please note that no personal payment information was stored by Sega, as we use external payment providers, meaning your payment details were not at risk from this intrusion."

The incident is just one of many that has happened during the past week and months due to different organized groups, who have been responsible for attacks on groups such as Sony, Lockheed Martin, the FBI, the United States Senate, and The Escapist, as well as others. The information does not identify the party, or parties, responsible for the strike against the company, but it does caution users of the Sega Pass with the following points:

  • If you use the same login information for other websites and / or services as you do for Sega Pass, you should change that information immediately.
  • We have also reset your password, and all access to Sega Pass has been temporarily suspended.
  • Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.

Currently, the Sega Pass website is offline, and this message is presented to anyone who attempts to reach it:

"Hi

SEGA Pass is going through some improvements so is currently unavailable for new members to join or existing members to modify their details including resetting passwords.

We hope to be back up and running very soon.

Thank you for your paitence"

The hacking group LulzSec, responsible for attacks against different sites on the internet and other incidents, publicly tweeted to Sega. Their tweet offered assistance to the company, and read as follows:

"@Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.

LulzSec then tweeted the same numbers they had used earlier in the week, in order to 'request a hack'. When the number is dialled, callers will hear two 'characters' with exaggerated French accents, running from a soundboard. The usage of these numbers serves only to highlight the chaos currently happening among a select number of different websites, most of which are related to videogames. The group has quickly become notorious on the internet for their actions against different companies, and their willingness to hack targets that have been requested by callers. The group claims to be doing what they are doing "for the lulz".

Report a problem with article
Previous Story

Razer launches chrome version of Orochi gaming mouse

Next Story

Hackers start exploiting Patch Tuesday vulnerability

33 Comments

Commenting is disabled on this article.

For those who say that Lulzsec is showing the "gaps" in their security then I ask why not steal a small segment of the compromised systems data for proof and then get out? The crime is the same. You rob a bank for a dollar or a million its the same punishment.

The innocent bystanders are put at risk, additional headaches and years of watching their credit. It costs everyone more money in the end. We can say it's not their fault but the hackers are causing a lot of collateral damage.

Also wanna be "script kiddies" do not attack the CIA. You are moving up the food chain when you start a war with the CIA and government institutions.

Ok there are a few points that need to be made here as some seem to not care to look at the obvious.

1. Software creators need to be held accountable for bugs in their code that allows hackers into even properly configured systems.

2. Sys Admins need to be held accountable for improperly configured systems

3. Groups like LulzSec are partly good for the tech environment because they force Admins and Software creators to not be lazy and do their job properly and be more responsive.

4. For every hack that LulzSec publicizes how many groups are not being announced or noticed?

5. If LulzSec are just "script kiddies" and have causes this much damage that can only mean:
5a: System security is just appalling and the sys admins of these companies are not worth their salaries.
5b. The untold number of servers that have been accessed by "real hackers" must be huge.


We know that LulzSec got into these systems because they told us. The more important question is who was in it before them and didn't tell us?

The fact is the Admins use the tools given by programmers, they dont make them so it is still the programmer's that are accounted for. ( one way or another ).. ( not the admin's fault )

I disagree with your statement - in my opinion it is bad programming why people are not pointing the finger at those responsible for building the software amazes me.

SpyCatcher said,
I disagree with your statement - in my opinion it is bad programming why people are not pointing the finger at those responsible for building the software amazes me.

So the developers of the software (Microsoft, Cisco, etc) should be held responsible for sysadmins or IT directors not ensuring that they've applied the patches said companies release to secure their software? What about firewalls that are left completely open? should cisco be held responsible if you decide to leave ports 21, 80, 8080, 3389 and others open in your network?

SirEvan said,

So the developers of the software (Microsoft, Cisco, etc) should be held responsible for sysadmins or IT directors not ensuring that they've applied the patches said companies release to secure their software? What about firewalls that are left completely open? should cisco be held responsible if you decide to leave ports 21, 80, 8080, 3389 and others open in your network?

They shouldn't be responsible for admin incompetence, but if it's a security flaw in their system... then yes.

Far as I'm aware of, those hackers that went after Sega, did pretty much the same as LuzSec always do. Intrusion, data breach, data leak, and that's it.

DiamondFootprint said,
Delivery for Lulzsec, I have a large delivery of Hippo Crates, please sign.

I don't see how outright chaos and inconsistancy can be hypocritical.

Athernar said,

I don't see how outright chaos and inconsistancy can be hypocritical.

They create this 'chaos' for some companies which are chosen at random but when a company they deem to 'like' gets hacked, they want to help them?

"Oh we totally wanna help you catch these guys that hacked Sega! Give us a minute though just releasing thousands of usernames and passwords from companies we have hacked"

Hypocrites.

DiamondFootprint said,

They create this 'chaos' for some companies which are chosen at random but when a company they deem to 'like' gets hacked, they want to help them?

"Oh we totally wanna help you catch these guys that hacked Sega! Give us a minute though just releasing thousands of usernames and passwords from companies we have hacked"

Hypocrites.

Uh, no. I don't think you quite understand the concept of true chaos.

Repeatedly hacking companies and releasing details would be an orderly action, suddenly going about face for some arbitary reason is very much chaotic.

Chaotic Neutral if you will.

Athernar said,

Uh, no. I don't think you quite understand the concept of true chaos.

Repeatedly hacking companies and releasing details would be an orderly action, suddenly going about face for some arbitary reason is very much chaotic.

Chaotic Neutral if you will.

Sorry, you've totally lost me. I used the word 'Chaos' as you used it a in previous post, it was your terminology not mine. If i've picked that up wrong then apologies but that's not my point.

It also depends how you personally define Chaos and how it reflects the situation as well. I certainly wouldn't say hacking a company and releasing details could be described as 'orderly' but then your opinions may differ from mine.

However, I would say they are still hypocrites.

Antaris said,
"We love Dreamcast" - such a fanbase to this day!

Maybe LulzSec is angry at Sega for abandoning the Dreamcast. I'm sure Sega will not let them "help".