What would have been a fatal breach in one of Sega’s servers appears to have been blocked, according to reports and security company VPN Overview. The Amazon Web Services S3’s default folder contains encrypted information that allows searchers to upload files seamlessly across multiple Sega sites, as well as alerts for the misuse of 250,000 email users.
The affected areas also included official pages for major franchises, including Sonic the Hedgehog, Bayonetta and Total War, as well as the Sega.com website itself. The VPNO was able to manipulate potential scripts on these pages which, as you can imagine, would have been much worse if these breaches had been found by the perpetrators on behalf of the investigators.
The well-kept Mailchimp API key enabled VPNO on the aforementioned email list. The actual emails were summed up along with the associated IP addresses, and the passwords that the searchers were able to remove. According to the report, “a malicious user could distribute the ransomware more efficiently using SEGA spam emails and cloud services.”
So far there is no indication that the perpetrators exploited this threat before the VPNO came out and helped Sega fix it. Sega Europe could not be reached for comment.
Non-removable S3 containers, unfortunately, are extremely sensitive to information security. The same mistakes this year have also affected the obedient company Sennheiser, Senior Advisor, AnthuGIS, and the government of Ghana. Sega was a target of a a major attack in 2011 which resulted in the release of known information for 1.3 million users. Unfortunately, the wrongly configured European server did not return the same.
All sales supported by Engadget are selected by our team of developers, independent of our parent company. Some of our articles include links to links. When you buy something through one of these links, we can find a partner.
Source link
