Hack Attack Exposes 1.3 Million Sega Accounts

LulzSec says to watch your Facebook, Gmail, and Skype passwords, though no one has claimed responsibility for the Sega breach.

Another day, another hacked website belonging to a video game manufacturer. On Friday, Sega confirmed news reports that attackers had compromised its systems, exposing data on 1.3 million users. Sega took the hacked Sega Pass system, which is both a newsletter and account management system for the company's online games, offline on Thursday. It gave no estimate for when the service would be restored. Despite the passwords having been encrypted, Sega reset all users' Sega Pass passwords. It also cautioned that "if you use the same login information for other websites and/or services as you do for Sega Pass, you should change that information immediately."
The attack against Sega follows comments made by Sega West CEO Mike Hayes to Eurogamer last month, in which he said that the PlayStation Network (PSN) hack, which resulted in over 77 million user accounts being compromised, was "an interesting wake up call for all of us." In particular, it led Sega to conduct an immediate security audit. "Fortunately we seemed pretty solid so we didn't have to do too many additional changes," he said.

According to a message posted on the Sega Pass website, "we had identified that unauthorized entry was gained to our Sega Pass database." Attackers stole Sega Pass members' email addresses, dates of birth, and encrypted passwords. "None of the passwords obtained were stored in plain text," said Sega, although it didn't detail the encryption technique used.

http://www.informationweek.com/news/security/attacks/231000042

Citigroup card customers data hacked

Computer hackers have breached Citigroup’s computer network and have accessed data on hundreds of thousands of its card customers, the Financial Times said.

Citigroup said the breach, which affected about 1 per cent of its card customers, was discovered in early May through routine monitoring.

According to the bank’s annual report, Citi Cards has about 21 million customers in North America.

The breach occurred at Citi Account Online, which holds basic customer information such as names, account numbers and e-mail addresses.

Other information such as birth dates, social security numbers and card security codes are held elsewhere and were not compromised, Citi said.

“The bank said it had contacted law enforcement officials and tightened its fraud detection procedures, but declined to provide further details or to say whether customers had reported suspicious transactions,” the FT reported.

Though Citigroup said the breach involved only credit card accounts, the FT said that several people have reported about their debit card details being compromised.

Hacking into companies is increasingly becoming common.

Lockheed Martin, PBS and Sony have all recently had their security systems violated.

http://www.thehindu.com/business/companies/article2090316.ece

Massive hack hits US banks and retailers

The names and emails of customers of Citigroup and other large US companies were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon.
In what could be one of the biggest such breaches in US history, a diverse range of companies that did business with Epsilon stepped forward over the weekend to warn customers some of their electronic information could have been exposed.
Walgreen, TiVo, credit card lender Capital One and teleshopping company HSN all added their names to a list of targets. JPMorgan Chase, the second-largest US bank, and Kroger, the biggest US supermarket operator, said that some customers were exposed as part of the Epsilon data breach.
Epsilon, an online marketing unit of Alliance Data Systems, said that a person outside the company hacked into some of its clients' customer files. The vendor sends more than 40 billion email ads and offers annually, usually to people who register for a company's website or who give their email addresses while shopping.
Some of Epsilon's other clients include Verizon, Hilton Hotels, Kraft Foods, and AstraZeneca.

Losing your email address via a service to which you already belong makes it much easier for scammers to hit you with emails which match your existing interests, at least loosely

"We learned from our email provider, Epsilon, that limited information about you was accessed by an unauthorised individual or individuals," HSN, also an ecommerce operator, said in an email to customers.
"This information included your name and email address and did not include any financial or other sensitive information. We felt it was important to notify you of this incident as soon as possible."
Law enforcement authorities are investigating the breach, though it was unclear how many customers had been exposed. Epsilon is also looking into what went wrong.
"While we are cooperating with authorities and doing a thorough investigation, we cannot say anything else," said Epsilon spokeswoman Jessica Simon. "We can't confirm any impacted or non-impacted clients, or provide a list (of companies) at this point in time."
Cloud problems
Paul Ducklin, head of technology for Sophos, noted that email address leaks were not seen as a "cardinal sin" among companies, but would lead to an increase in spam to affected accounts.
"Also, losing your email address via a service to which you already belong makes it much easier for scammers to hit you with emails which match your existing interests, at least loosely," he noted in a blog post. "That, in turn, can make their fraudulent correspondence seem more believeable."
As Epsilon is essentially a cloud-based email contractor, he said firms should take note that moving to the cloud could have security implications, saying "sometimes, keeping your own skills and abilities factored in to your organisation's security equation can pay off".
Play.com was faced with a similar problem, after its email marketing firm leaked customer data last month.

 

http://www.pcpro.co.uk/news/security/366493/massive-hack-hits-us-banks-and-retailers