Tristan Oliver writes:
Special Correspondent Shayne Edwards of SonicRadio.Net alerted TSSZ to a security alert issued by Sega of Japan today for users of the SEGA ID system.
The E-Mail, in Japanese, confirms attempts by “a malicious third party” to login to numerous SEGA ID accounts. It is not clear how the compromise happened, or what, if any personal data was collected from it. Still, all SEGA ID users are now being urged to change their passwords on the service and, if duplicate passwords are used, across other systems. Sega of Japan will continue its investigation in the meantime.
Read more on TSSZ.
Is it known if the passwords were stored in clear text or encrypted? Users should always use strong passwords, but credentials must also be stored securely so that even if compromised the details are of no use to the attacker.
So far, there’s nothing up on Sega Japan’s web site about the incident, and I’m not seeing any other reports yet, so all I know is what TSSZ reported.