Sega narrowly avoids huge data breach, thanks to security firm

The issue has since been swiftly patched.

Image via Sega

With so much personal information and important data now stored remotely and in the cloud, cybersecurity has never been more important. Japanese games company Sega was reminded of that fact earlier today when it managed to dodge what could have been a significant security issue, according to a report published by security firm VPN Overview.

According to the investigating team, the company had left personal data and sensitive files in a publicly-accessible Amazon Web Services S3 bucket. As a result, experts were able to find security keys that would have allowed them to access all sorts of different services in Sega’s name, including AWS, Mailchimp, and Steam.

On top of that, they were able to run scripts and upload files to 26 Sega-owned domains, including landing pages for hit games like Bayonetta, Total War, and the company’s mascot Sonic the Hedgehog. In a more malicious pair of hands, this would have put users at risk of downloading malware and trojans — hardly an ideal situation.

Luckily for Sega, it was a security company that identified the issues rather than an ill-intentioned hacker. At present, there doesn’t appear to be any evidence that the security hole was exploited, and VPN Overview assured its readers that its team had “worked with SEGA to close the breach and ensure users can safely access official websites and forums.”