SEGA Pass systems data breach; consumer information stolen

SEGA Pass has just sent out a mass email to inform consumers that one of their databases have been breached, and information inside of the database may have been stolen.

The database that was breached contained SEGA Pass members email addresses, date of birth, and encrypted passwords. In the email, SEGA was very clear that the passwords were not stored in plain text, and as a safety precaution, all of the SEGA Pass members passwords have been reset and access to accounts have been temporarily suspended for security purposes.

The email issued by SEGA recommends that any Pass member who used the same login information on other websites change their information immediately.

No group has taken responsibility for the attack yet. SEGA has now become the latest victim in a wave of online gaming platform companies. Nintendo and Sony were among the first gaming companies to have their systems breached. However, Sony definitely received the worst of the attacks.

Dear xxx,

As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June.

Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.

We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.

Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.

If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately.

We have also reset your password and all access to SEGA Pass has been temporarily suspended.

Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.

Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.

We sincerely apologise for this incident and regret any inconvenience caused.

We are contacting all our members with these recommendations.

If you have any further questions please contact SEGA customer support on csescalations@sega.com
Report a problem with article
Previous Story

Study claims US smartphone data use up 89 percent

Next Story

Report: Xbox 360 sells just under 1.5 million total units in Japan

21 Comments

Commenting is disabled on this article.

I think it's a very correct email, well explained and everything. And they were the first to tell that there was a breach, not some kiddy haxor group or some news site. Respect.

WAR-DOG said,
I think it's a very correct email, well explained and everything. And they were the first to tell that there was a breach, not some kiddy haxor group or some news site. Respect.

Better than Sony.

WAR-DOG said,
I think it's a very correct email, well explained and everything. And they were the first to tell that there was a breach, not some kiddy haxor group or some news site. Respect.

+10! They also mentioned very carefully that if you used the same password on other site's, you should change your password on those site's as well. Sony and some other company that mailed me this month, didn't mention that at all as far as I know, just "You can reset your password here".

AND IT EVEN WAS TRANSLATED! I received two English mails from Sony, while Sega just send me one very well translated Dutch version. That, very explained situation, and an special email address to email about this problem without the crap that says that SEGA is so good and awesome...

I'm not happy about it, but I give SEGA a +10 on taking this situation very thoughtfull. (except for the site saying it's a maintanence thing lol). But I guess they saw it coming... Hope this all will be over soon...

kezzzs said,
I just want to find out what password I actually used!

Same... If possible, I will remove my account from there too - as I'm never on it.

al11588 said,
I got the email from Sega over the compromise. Sigh.

Me too, it's the 4th email this month, First Ashampoo, then CodeMaster, then PixMania (they didn't admit it, but i am getting spam emails directed to my name and pixmania email) and now Sega, the good thing is that with all these accounts i have no real data, just some forward emails with false name.

boumboqc said,
And so what ? Who on earth have an account with Sega ?
If so, it must be an old e-mail adress from the 80'

Well, if you play any 2k Games or Creative Assembly games, you are playing SEGA games, as they own these studios (among others).

sviola said,

Well, if you play any 2k Games or Creative Assembly games, you are playing SEGA games, as they own these studios (among others).

2k Game.. it rings me. was they the responsible of Duke Nukem Forever?

Magallanes said,

2k Game.. it rings me. was they the responsible of Duke Nukem Forever?


And the Bioshock franchise. Not sure on the specifics on DNF, though.

boumboqc said,
And so what ? Who on earth have an account with Sega ?
If so, it must be an old e-mail adress from the 80'
Steam also just released a bunch of F2P games and among them was a game called Spiral Knights, which uses SEGA Pass, So SP just received a bunch new accounts.