Now this has got to be an interesting twist to SEGA's recent woes of having the personal information of its subscribers compromised after a successful attack by hackers on its database. Apparently, the well-known hacker group known as LulzSec has not only made an announcement to distance itself from the attack; the group has even put up a notice claiming that it wants to help SEGA by threatening to retaliate against those who were responsible for forcing the company's service offline. Looks like vigilantism is still alive and well in the virtual world after all.
So you have read the news about SEGA being the latest victim in a string of cyber attacks that have seen many huge corporations being forced to take their servers offline in a bid to perform damage control and prevent hackers from further compromising any more personal information. However, in this case, SEGA can probably thank its lucky stars that it did not suffer the same kind of damage and data loss that some of its fellow victims have faced; while the company did not deny that it did lose a huge chunk of personal information as a result of a successful attack on one of its databases, it has also assured users that the most important piece of information, which is the credit card details of its subscriber base, was still safely secure in its servers.
According to a report posted by ZDnet, SEGA has confirmed that the attack has resulted in its SEGA Pass service being forced offline, and that the information that had been stolen as a result of the attack consists of personal information such as names, dates of birth, email addresses and passwords that that subscribers typically use to access the service, although it was quick to point out that the damage is not as severe as most people may have imagined it to be. For example, the company has revealed that the stolen passwords stored in its database were encrypted and not stored in plain text; as such, hackers or individuals in possession of those passwords will have their work cut out of them in the form of decrypting the information in order to obtain a subscriber's original passphrase. And even then, SEGA is clearly taking no chances, having taken additional measures to prevent unauthorised access by resetting the passwords for all its subscribers, so the possibility of having someone successfully gaining access to SEGA Pass with a stolen password is decidedly slim. More importantly, SEGA also revealed that the server used to store its subscribers' credit card information is in the custody of an external service provider, and was therefore safe from the attack.
However, it would seem at least one prominent hacker group does not condone such actions, and has gone out of its way to offer SEGA its assistance in finding and exacting vengeance on those hackers who perpetuated the attack. Indeed, a quick look at LulzSec's twitter page reveals that the hacker group does mean business this time round:
By the way, just for the record, a total of 1.3 million accounts were compromised in the recent attack against SEGA's database. Now that is definitely food for thought.