
One of SEGA’s European servers was found to be “wide open”, affecting the data of 250,000 users

Kim Kyung Hoon / Reuters

According to the findings of the security research center VPN Overview (VPNO), one of SEGA’s servers in Europe had an incorrectly configured Amazon Web Services S3 (Simple Storage Service) setup, allowing hackers to upload files to websites on SEGA’s domains at will and involving the email information of 250,000 users.

The SEGA domains in question host the official websites of many famous games, such as “Sonic the Hedgehog”, “Bayonetta” and “Total War”. Of course, sega.com is also among them. VPNO stated that they could execute any commands on these websites. At the same time, an improperly stored Mailchimp API key allowed VPNO to view the login emails, passwords, and IP addresses of affected users, which poses a great security risk.

Fortunately, there is currently no evidence that the SEGA server vulnerabilities were discovered by any third party other than VPNO. SEGA Europe did not respond to queries.

That said, the settings of Amazon Web Services’ S3 Simple Storage Service are quite often incorrect. Similar incidents have also occurred at Sennheiser, Senior Advisor, PeopleGIS, and even the Ghana government website. As for SEGA itself, it was once the source of a leak of 1.3 million users’ data in 2011. Now that hidden network security risks have surfaced again, it is really worrying.