Moneycontrol PRO
Open App
you are here: HomeNewsTechnology

Sega Europe left one of its servers wide open to attack

The misconfiguration could have given a potential hacker access to credentials and 250,000 user email list

December 31, 2021 / 11:48 AM IST
(Image Courtesy: Reuters)

(Image Courtesy: Reuters)

Sega Europe had to scramble, after it was found that one of its servers had left sensitive files out in the open for public access. The house of Sonic worked closely with security researcher Aaron Phillips from VPN overview to address the problem.

The misconfigured server hosted several sets of AWS (Amazon Web Services) access keys, which could have granted a potential threat actor access to many of the company's cloud services.

The researchers also noted that it was possible to run scripts or upload files to domains owned by Sega Europe and this could have impacted pages for franchises like Sonic the Hedgehog, Bayonetta, Total War and even the main Sega landing page.

Also Read: Co-creator of Sonic the Hedgehog, Yuji Naka, launches a new mobile game

Worse, Sega stored user data and credentials on this server which could have affected hundreds and thousands of users. Thankfully, the problem was contained quickly and no evidence of any breach was found.

Close

According to VPN overviews' report, a malicious actor could have used the compromised server to distribute ransomware. It also created an epicenter for a larger second attack, since many third-party sites link to Sega servers for official versions of an image or a file.

"Companies have to keep their public and private cloud separate," said Phillips.

"Companies regularly accidentally leave private credentials in their public cloud, which causes breaches," he added.

He also said private cloud storage should be sandboxed and access to it, should be segmented.

Also Read: Netflix’s new 3D-animated Sonic series is called Sonic Prime, due out in 2022

"This cybersecurity report should serve as a wake-up call for businesses to assess their cloud security practices. We hope other organizations follow SEGA’s lead by examining and closing apparent vulnerabilities before they are exploited by cybercriminals," noted Phillips.
Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

Moneycontrol News
first published: Dec 31, 2021 11:48 am
Sections
ISO 27001 - BSI Assurance Mark