According to the site Megavisions.net, the company VPNOverview first contacted SEGA Europe on October 18 to inform it of an intrusion into a public cloud server containing numerous private resources. Having received no response, and after conducting a more in-depth investigation, the security agency followed up with SEGA Europe ten days later, spelling out more explicitly the danger of such an act. This time, the team in charge of cybersecurity at SEGA reacted immediately to find a solution and close the hole.
For ten days, hackers could thus have seized an astronomical amount of data (usernames, passwords, email addresses …), but it would seem that the intrusion – which is linked to an Amazon Web Services (AWS) cloud storage service used by SEGA – was “limited” to 26 domains, including SEGA websites and those of specific titles such as Vanquish, Humankind or Bayonetta. Where the matter is a little more worrying is that VPNOverview noticed that the personal data of many users of the Football Manager forum had been affected. This is the data of users registered before 2016. Megavisions.net specifies that the IP addresses are probably no longer accurate, but if you have registered on the Football Manager forum – even more so if you registered before 2016 – it would be good practice to change your password to avoid any phishing attempt (in other words, an email sent to try to obtain sensitive data).
Cybersecurity researcher Aaron Philips took the opportunity to issue a warning to companies:
Time and time again, surveys show how improperly configuring Amazon AWS storage servers can jeopardize the digital infrastructure of larger organizations. This cybersecurity report should serve as a wake-up call for companies to assess their practices with cloud services. We hope other companies will follow SEGA’s lead in examining and removing apparent vulnerabilities before they are exploited by cybercriminals.
More than ever, the world we live in is controlled by computers and the internet. Businesses spend large sums of money to guard against cyber attacks, but they are never immune to a breach that can have serious consequences. It cannot be repeated enough: when choosing a password, make sure it is complex enough (preferably with a capital letter and a special character) to protect you as well as possible. For its part, SEGA had already suffered an attack in 2011 on its SEGA Pass service (which no longer exists today), but one can wonder what could have happened if VPNOverview had not followed up with the publisher and if hackers had taken, for example, Steam data.