Sega Europe Ltd. Exposes Data

Sega Europe Ltd. is the latest company to be discovered exposing data due to a faulty Amazon Web Services Inc. configuration Bucket S3.

The exposed bucket contained multiple sets of AWS keys that could have been used to access many of Sega Europe’s cloud services, according to security researcher Aaron Phillips, who detailed it on December 30th. MailChimp and Steam keys were also discovered, as well as hacked SNS notification queues that ran scripts and uploaded files to the company’s domains.

On October 18th, the exposed bucket was discovered, and Sega Europe was notified the same day. The company did not respond to the initial notification and did so only after receiving a follow-up notification on October 28th.

Following that, the company secured the bucket with the help of its cybersecurity team and external security researchers.

Although there is no proof that a malicious actor accessed the bucket, the possibility that it was accessed exists. According to Phillips, the credentials, keys, and passwords could theoretically be used for malicious purposes such as stealing company and user data.

Phillips came to the conclusion that businesses should keep their public and private clouds separate, and that private cloud storage should be sandboxed, with access to S3 buckets segmented.

Everything from proprietary gaming code and data to payment information for streamers was leaked in the Twitch and EA cases.

Leave a Reply

Your email address will not be published.