Hack Attack Exposes 1.3 Million Sega Accounts

LulzSec says to watch your Facebook, Gmail, and Skype passwords, though no one has claimed responsibility for the Sega breach.

Another day, another hacked website belonging to a video game manufacturer. On Friday, Sega confirmed news reports that attackers had compromised its systems, exposing data on 1.3 million users. Sega took the hacked Sega Pass system, which is both a newsletter and account management system for the company's online games, offline on Thursday. It gave no estimate for when the service would be restored. Despite the passwords having been encrypted, Sega reset all users' Sega Pass passwords. It also cautioned that "if you use the same login information for other websites and/or services as you do for Sega Pass, you should change that information immediately."
The attack against Sega follows comments made by Sega West CEO Mike Hayes to Eurogamer last month, in which he said that the PlayStation Network (PSN) hack, which resulted in over 77 million user accounts being compromised, was "an interesting wake up call for all of us." In particular, it led Sega to conduct an immediate security audit. "Fortunately we seemed pretty solid so we didn't have to do too many additional changes," he said.

According to a message posted on the Sega Pass website, "we had identified that unauthorized entry was gained to our Sega Pass database." Attackers stole Sega Pass members' email addresses, dates of birth, and encrypted passwords. "None of the passwords obtained were stored in plain text," said Sega, although it didn't detail the encryption technique used.

http://www.informationweek.com/news/security/attacks/231000042

Citigroup card customers data hacked

Computer hackers have breached Citigroup’s computer network and have accessed data on hundreds of thousands of its card customers, the Financial Times said.

Citigroup said the breach, which affected about 1 per cent of its card customers, was discovered in early May through routine monitoring.

According to the bank’s annual report, Citi Cards has about 21 million customers in North America.

The breach occurred at Citi Account Online, which holds basic customer information such as names, account numbers and e-mail addresses.

Other information such as birth dates, social security numbers and card security codes are held elsewhere and were not compromised, Citi said.

“The bank said it had contacted law enforcement officials and tightened its fraud detection procedures, but declined to provide further details or to say whether customers had reported suspicious transactions,” the FT reported.

Though Citigroup said the breach involved only credit card accounts, the FT said that several people have reported about their debit card details being compromised.

Hacking into companies is increasingly becoming common.

Lockheed Martin, PBS and Sony have all recently had their security systems violated.

http://www.thehindu.com/business/companies/article2090316.ece

RSA, the security division of EMC, has acknowledged that information stolen from its network was used to carry out a cyber attack against Lockheed Martin and offers to replace all of the 40 million SecurID hardware tokens in existence.

Back in March, RSA announced that attackers managed to penetrate its network and accessed information related to SecurID, its two-factor authentication solution. 

The company provided little information about the incident and the extent of the breach, a decision that attracted strong criticism from the information security community.

"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," the company said at the time.

Since then, three large U.S. government contractors, namely Lockheed Martin, L-3 Communications and Northrop Grumman are believed to have been attacked using information stolen during the RSA breach.

Of these, only the Lockheed Martin one was publicly confirmed and attackers are said to have used cloned SecurID tokens to access the company's network.

Lockheed claims that its security team spotted and blocked the attack before any sensitive information was stolen, but the incident prompted a week-long remote network access ban and a change of SecurID tokens for all employees.

In a letter to customers sent yesterday, RSA acknowledged that intruders breached Lockheed Martin's security using information stolen from its systems. Furthermore, the company's chairman, Mr. Art Coviello, told the Wall Street Journal that as a precaution, the company will offer to replace the SecurID tokens for virtually every customer.

In addition, for certain customers, primarily those in the financial industry, RSA will provide transaction monitoring and other intrusion detection capabilities. Depending on their security requirements, some customers might not need to replace the tokens. "We believe and still believe that the customers are protected," Mr. Coviello said.
 
http://news.softpedia.com/news/RSA-Offers-to-Replace-All-SecurID-Tokens-Following-Lockheed-Martin-Attack-204609.shtml?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=s3cb0t