Skip to main content

Long read: The beauty and drama of video games and their clouds

"It's a little bit hard to work out without knowing the altitude of that dragon..."

If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Sega was hacked after security update

Why did post-PSN measures fail?

The hack that compromised the personal details of 1.3 million Sega users happened after the company had already tightened security in the wake of the PlayStation Network breach, Eurogamer can reveal.

The company promised over the weekend to "further strengthen [its] network security as a priority," as a result of last week's attack.

But "additional changes" had already been made to internal security as a direct response to the assault that brought down Sony's online services, affecting 100 million users.

Speaking last month, Sega West CEO Mike Hayes told Eurogamer: "We did a security audit as a result of this, which is probably six months earlier [than normal], and it was just a good housekeeping exercise.

"We made a couple of changes to some of our security systems. I'm sure most people have done exactly the same."

Hayes acknowledged that the PSN hack had been "an interesting wake up call for all of us," adding: "Fortunately we seemed pretty solid so we didn't have to do too many additional changes."

However, on 17th June Sega issued a statement to customers confirming its security had been bypassed: "Over the last 24 hours we have identified that unauthorised entry was gained to our Sega Pass database.

"We immediately took the appropriate action to protect our consumers' data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems."

The publisher confirmed that, while no financial information was stored, "email addresses, dates of birth and encrypted passwords were obtained."

This latest breach raises questions over the scope and implementation of Sega's internal security review, and will cause further concern for the industry, which has seen companies and services including Codemasters, Bethesda, Eve Online and Minecraft targeted by hackers in recent weeks.

In a statement issued to Eurogamer last week, Sega acknowledged: "The protection of data is an evolving process, as new defences are created so new threats emerge. We will make all improvements necessary as a result of this intrusion."

Speaking on the PSN hack last month, Hayes said: "I think it will just be seen in two or three months as a memory. We just have nothing but sympathy for Sony, because we don't care who you are, you don't want that sort of thing to happen.

"Corporations have problems, they all have problems, but once they're sorted out people just want to get back into gaming."

The Sega Pass service remains offline while the publisher conducts an investigation.