Sega Hack Affected 1.3 Million Users

Sega on Monday confirmed that a recent hack of its system affected almost 1.3 million customers. Hackers who infiltrated the Sega Pass system last week gained access to 1,290,755 customer accounts, which included Sega Pass members' names, email addresses, dates of birth, and encrypted passwords.
"We express our sincerest apologies to our customers for the inconvenience and concern caused by this matter," the company said in a statement. "Sega Pass is the service used to provide information about our new products to registered members and does not hold any customer financial information."
Sega said it checked its other services and "can confirm there are no other verified incidents."
After the intrusion was detected, Sega took its Sega Pass service offline and "took emergency action to prevent further damage," the company said. "This action included immediately contacting all our registered SEGA Pass users. We are now fully investigating the cause of the incident." Sega promised that network security will be a "priority issue" going forward.
Hacker group LulzSec has been targeting a number of gaming companies, including Sony and Nintendo, but they denied involvement with the Sega intrusion and even offered up its assistance.
"@Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down," LulzSec tweeted on Friday.
LulzSec had similar sentiments earlier this month. "We love Nintendo and Sega, if anything we'd hack *for* them. If you're listening Nintendo/Sega, you, you uh... you want Sony hacked more?" the group said on June 6.
LulzSec said today that it is teaming with Anonymous to target government Web sites.

LulzSec on Hacks: 'We Find it Entertaining'

Hacker group LulzSec on Friday offered a rather bizarre explanation for its activities, arguing that silently manipulating hacked data is worse than releasing it publicly, but admitting that it hacks organizations and accounts "because we find it entertaining."
In honor of its 1,000th tweet, LulzSec posted an admittedly pretentious manifesto of sorts, admitting that it has recently been "causing mayhem and chaos throughout the Internet."
But there are far more nefarious characters than LulzSec currently having their way with your data, the group argued.
"Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game," LulzSec wrote. "This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly."
LulzSec, for example, is "sitting on" the personal data of 200,000 Brink users, a first-person shooter from Splash Damage and Bethesda Softworks, a company that has already felt the wrath of LulzSec.
"It might make you feel safe knowing we told you, so that Brink users may change their passwords," LulzSec said. "What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, completely unaware of a breach."
Is all this a warning for companies to secure their data? Perhaps. But in discussing whether or not it is evil to release the average Web users' personal data for all to see, LulzSec said simply that "this is the lulz lizard era, where we do things because we find it entertaining."
LulzSec this week, for example, released the emails and passwords of more than 62,000 people. These were not IT execs, CIOs, or the CEOs of companies with lackluster online security measures, but average Internet users. Writing Web site Writerspace.com later confirmed that 12,000 of those emails were from its database.
On its Twitter feed and Web site, LulzSec encouraged its supporters to hack into the listed accounts and wreak havoc on their digital lives—order embarrassing products from Amazon, post vulgar status updates or photos on Facebook, for example. The group argued that people reading its Twitter feed or messages "love the idea of wrecking someone else's online experience anonymously."
"We release personal data so that equally evil people can entertain us with what they do with it," LulzSec said.
The group went on to argue that "you'll forget about us in 3 months' time when there's a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle." Interestingly, they did not claim to be above the law and essentially admitted to illegal activity. "We'll continue creating things that are exciting and new until we're brought to justice, which we might well be."
Also today, LulzSec said it was not at war with Anonymous, another clandestine Web group, something confirmed by Anonymous. "To confirm, we aren't going after Anonymous. 4chan isn't Anonymous to begin with, and /b/ is certainly not the whole of 4chan. True story," LulzSec tweeted. "Saying we're attacking Anonymous because we taunted /b/ is like saying we're going to war with America because we stomped on a cheeseburger."
Anonymous differs slightly from LulzSec in that it usually goes after certain targets for political reasons. In recent weeks, for example, the group has targed the Web sites of governments that Anonymous believes are oppressing their people via Internet censorship. Anonymous usually also employs distributed denial of service (DDoS) attacks rather than massive data dumps. Police in Spain and Turkey, however, recently arrested members of Anonymous for DDoS attacks.