June 20, 2011
TOKYO — The Japanese video game developer Sega said Sunday that information belonging to 1.3 million customers had been stolen from its database, the latest global hacker attack against a video game company.
Names, birth dates, e-mail addresses and encrypted passwords of Sega Pass online network members had been compromised, Sega said in a statement, though payment data like credit card numbers were safe. Sega Pass has been shut down since late last week. “We are deeply sorry for causing trouble to our customers. We want to work on strengthening security,” said Yoko Nagasawa, a Sega spokeswoman, adding that it was unclear when the company would restart Sega Pass
The attack against Sega, a division of Sega Sammy Holdings that makes game software like Sonic the Hedgehog as well as slot machines, follows other recent significant breaches. Targets have included Citigroup, which said more than 360,000 accounts were hit in May, and the International Monetary Fund.
The drama surrounding the recent round of video game breaches paled in comparison with what Sony, the maker of the PlayStation, experienced after two high-profile attacks that surfaced in April. Those breaches led to the theft of account data for more than 100 million customers, making it the largest ever hacking of data outside the financial services industry.
They also exposed what turned out to be a large number of security holes in sites throughout the global Sony media empire. That led to attacks on Sony systems that undermined confidence in the company and made it the source of frequent jokes by security experts. Sega Europe, a division of Sega that runs the Sega Pass network, immediately notified Sega and the network customers after it found out about the breach Thursday, Ms. Nagasawa said.
Sega was one of the biggest video game consoles makers in the 1990s but pulled out of the market in 2001 in response to disappointing sales of its Dreamcast system, which began sales in 1998 to widespread industry praise. Dreamcast lost ground to newer products developed by Sony and Nintendo.
It now focuses on developing video games for systems made by other companies. While the F.B.I. is likely to be called in to investigate the attack on Sega, as the U.S. government agency typically is in such cases, its agents may find themselves competing for clues with members of the Lulz Security hacking group. Lulz, a group of hackers that has been behind the cyber attacks against other video game companies including Nintendo, unexpectedly offered to track down and punish the hackers who broke into Sega’s database. In its offer to assist Sega, a Twitter post from Lulz hinted that its leaders might count themselves among a small but highly loyal group of game players who still play on the aging Dreamcast console. “Sega — contact us,” Lulz said. “We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.”