What could have been a malicious breach in one of Sega’s servers appears to have been shut down, according to a report by security firm VPN Overview. The misconfigured Amazon Web Services S3 bucket contained sensitive information that allowed researchers to randomly upload files to a huge number of Sega-owned domains, as well as credentials to abuse an email list of 250,000 users.

Affected domains included the official landing pages of major franchisees including Sonic the Hedgehog, Bayonetta, and Total War, as well as the Sega.com website itself. VPNO was able to run executable scripts on those pages, which, as you can imagine, would have been pretty bad if this breach had been discovered by malicious actors instead of researchers.

An incorrectly saved Mailchimp API key gave VPNO access to the above email list. The emails themselves were available in clear text along with associated IP addresses and passwords that the researchers were able to decrypt. According to the report, “a …

Source link

Leave a Reply