As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June.

Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.

We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.

Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.

If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately.

We have also reset your password and all access to SEGA Pass has been temporarily suspended.

Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.

Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.

We sincerely apologise for this incident and regret any inconvenience caused.

We are contacting all our members with these recommendations.

If you have any further questions please contact SEGA customer support on [email protected]

Is this legit? I noticed at least two words that were misspelled.

"Apologize" and "Unauthorized" can also be spelled with an "s" instead of a "z". They aren't misspelled.

And, yes, that E-mail was legitimate.

Sega staff in the UK seem to oversee their websites, that's how we spell those words.

Hacking is now a new trend I see. Will it ever end?

The hack pile doesn't stop from growing taller.

first PSN, after codemasters and now Sega, its bad =[

first PSN, after codemasters and now Sega, its bad =[
And other attempted hackings like Bethesda and Nintendo. It's not even interesting by this point.

Since SEGA's been hacked, I wonder if that means the hackers have access to our PSU character information. That would suck.

Here we go again...

Definition of hacking is actually applying any piece of code written to existing code. This is the computer science definition. The definition of "breaking into" a system and "trying to maliciously destroy it" was branded as a Law Enforcement definition.

We always enjoy laughing at our mighty men and women in blue, who always manage to create a new definition of things in their own little world and apply it to everyone.

99.99% of the time a hack occurs is because a vulnerability was exposed within the system itself. I find that hacking a program is actually a good thing if done correctly. Some of the most important hacks we all know and love are Patches and Updates. All they do is actually override code with stronger code.

When a system has malicious code by a third-party or so, then there are problems but exposing system vulnerabilities to multi-million and multi-billion dollar corporate entities are essential things..,.Now maybe they will care about their customers enough to want to actually give thought of protection rather than see every human being as a massive dollar sign and have them trust over their identity and other personal information to an unsecure system.

"There is no "I agree" or "I disagree" with this post. Its a matter of fact. A third party regardless their skill steal information stored in the database of a company, don't always blame the hacker. Blame the company as well for doing such a half-ass job securing servers.

I had ran mmo servers for years privately and people take advantage of privatizing servers to attempt hacks. I own a full secure system with a lot of hardware and the funny thing is.....I've recorded thousands of attempts against the system there hasnt been a breach since in four years, and I am just one person.

These multi-million dollar corporations have programming teams and IT departments completely staffed and paid for, Shame on them for not having the shred of intelligence to actually have the minimum defense required of a system.

Welcome to the reality everyone.

^Thanks for, uh, enlightening(?) us. However, I don't really see the point of that post. No one here was disputing the definition of the word "hack."

So how long will this situation take, to get resolved?

You guys really need to stop asking questions no one can answer.

Since SEGA's been hacked, I wonder if that means the hackers have access to our PSU character information. That would suck.

It would seem extremely unlikely, remember PSU is authenticated via Xbox Live and not linked to anything authenticated by Sega Pass.

^Thanks for, uh, enlightening(?) us. However, I don't really see the point of that post. No one here was disputing the definition of the word "hack."
Don't listen to him, he likes reading his posts more than anything.

This HACKING thing is getting really dumb. Hey look guys we can get into systems and shit. Okay, that's cool, let us know when we should start caring that you have nothing better to do with your lives.

Hacking is getting pretty old by now. I'm wondering if this is some kind of trend or if the same people are doing it. But as for these companies, it seems like they should do a better job of keeping track of their customers' information.

I sure wish they get their asses busted! < <

I hope they catch these hackers and make them serve jury duty.

first PSN, after codemasters and now Sega, its bad =[

dont forget the ps3 network guy is still sifting thu the credit card numbers lmao

Ich verstehe nicht

I guess it was only a matter of time

People are also getting people's credit card info and account info in various places like WoW, Xbox live, Pay pal, facebook, and many other places :)

62,000 people actually :o

http://gizmodo.com/5812545/find-out-if-your-passwords-were-leaked-by-lulzsec-right-here

It was bound to happen...although this was probably done by a group like lulzsec rather than some of the more well known hackers that have targeted the game directly in the past. It's true that this is getting old already though. I can only hope that most businesses aren't just waiting around for their chance to be hacked and are patching everything up. At the rate things are going it won't be long until everyone's information is exposed.

Or, they could find these LulzSec fellows and beat them to death with their own computers. I mean, that's what I would do.

Or, they could find these LulzSec fellows and beat them to death with their own computers. I mean, that's what I would do.

They weren't responsible


While some have speculated that LulzSec, which claimed responsibility for hacks of Sony and the CIA's website, is responsible for this latest attack, the group denied involvement. "@Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down,"

They weren't responsible

Well, they've still been hacking many different places, according to Pikachief's link. So, I say beat them anyway.

EDIT: Thinking about it, I'm sure some of the Sonic fanboys are so desperate to get the forums back up, that they actually want SEGA to take LulzSec up on their offer.

Well, they've still been hacking many different places, according to Pikachief's link. So, I say beat them anyway.

EDIT: Thinking about it, I'm sure some of the Sonic fanboys are so desperate to get the forums back up, that they actually want SEGA to take LulzSec up on their offer.

Yeah, a lot of that stuff was in bad taste. Especially the PSN one, that kind of thing hurts the users/players way more than the company.

wow Segac got hacked.

Hopefully the hackers will give us US players everything the japanese players have, and the japanese players everything we US players have (half of what they currently have)

wow Segac got hacked.

Hopefully the hackers will give us US players everything the japanese players have, and the japanese players everything we US players have (half of what they currently have)


http://www.youtube.com/watch?v=0urb6lU-FkI

Oh, wait...you're not serious are you?

It's a bit concerning, but I have faith that things will turn out okay. This kind of thing seems to be the new "hot thing" for shut-ins around the world who think they're cool by messing other websites. I just hope that the Sega forums get back online soon, I'm getting bored.

They weren't responsible

Yeah I saw that a while after the announcement, not sure I believe it though, their tweet almost sounded like trolling.

Yeah I saw that a while after the announcement, not sure I believe it though, their tweet almost sounded like trolling.

Surprisingly I did some research and that statement was genuine as they talk very highly of Sega and all things Sega in past tweets

Once upon a time some fat neckbeards wanted to fuck shit up and they did.

The End.

What sucks is that the forums will likely be down until AT LEAST Monday...

I think the forums will be up soon. Luckily for me, my email and password for the forum is the only thing I use that email for.

And I don't think that the forums have any connection to our data in PSU, so are stuff is safe. :) If they did have access to it I would be pretty creeped out and cautious.

I think the forums will be up soon. Luckily for me, my email and password for the forum is the only thing I use that email for.

And I don't think that the forums have any connection to our data in PSU, so are stuff is safe. :) If they did have access to it I would be pretty creeped out and cautious.

Well, on the topic of our character data, bloodflowers did say:


It would seem extremely unlikely, remember PSU is authenticated via Xbox Live and not linked to anything authenticated by Sega Pass.

So, I'm not worried about that. As for my E-mail, I just won't open any weird messages. Not like I do, anyway.

I think the forums will be up soon. Luckily for me, my email and password for the forum is the only thing I use that email for.

And I don't think that the forums have any connection to our data in PSU, so are stuff is safe. :) If they did have access to it I would be pretty creeped out and cautious.

Hi Mikuru! :)

Hi Mikuru! :)Hi Aeris! lol I finally made an account on here.

Hi Aeris! lol I finally made an account on here.

lulz, same.

I miss sega forums :(

lulz, same.

I miss sega forums :(Private messaging you and sending a friend request. :)

I really miss the Trade boards.

Why are people bickering about whether or not someone frequents PSOW? Who cares what they do?

It was bound to happen...although this was probably done by a group like lulzsec rather than some of the more well known hackers that have targeted the game directly in the past. It's true that this is getting old already though. I can only hope that most businesses aren't just waiting around for their chance to be hacked and are patching everything up. At the rate things are going it won't be long until everyone's information is exposed.

The official PSU page is specifically down.

http://phantasystaruniverse.com/

I really miss the Trade boards.

That's one of the two useful/good bits (other being community events), with the current "our way or the highway, complaining is trolling" approach there's precious little else to recommend it. I could tell you what a friend got infracted for a day or so ago, but you just wouldn't believe it. I didn't, he didn't, nobody did, but there it was.

When PSO2 starts to appear properly I'll probably attach a forum to FBD. If I'd known how things were going to go years ago, I'd have created one for PSU but it's too late in the day now for that.

That's one of the two useful/good bits (other being community events), with the current "our way or the highway, complaining is trolling" approach there's precious little else to recommend it. I could tell you what a friend got infracted for a day or so ago, but you just wouldn't believe it. I didn't, he didn't, nobody did, but there it was.

Honestly, Blood, despite our differences, I found it kind of unfair that you got banned just for speaking your mind, politely, I might add, as a dissatisfied customer. Still trying to comprehend the reasoning behind that one.

Honestly, Blood, despite our differences, I found it kind of unfair that you got banned just for speaking your mind, politely, I might add, as a dissatisfied customer. Still trying to comprehend the reasoning behind that one.

Well, the final straw was actually a pretty sharp stick I prodded Edward with (the graph so infamous it's even done the rounds on JP blogs now), and I got banned for 'trolling and derailing' even though the actual post in question was neither. It was because I'm so negative all the time and they think that makes other people negative. Firstly, if they did good things I would have posted happy comments - which I'd loved to have had reason for, and secondly I think they give me too much credit there and other people too little, lots of customers (note: not petulant brats) are very seriously upset and banning one person who can articulate that isn't going to make one tiny bit of difference.

As for why I used such a pointy stick that day, I was just fed up of hearing the same old platitudes being wheeled out in the face of unhappy customers who had good reason to be unhappy. There are a lot of things Sega as a whole (and in a few cases staff) need to just say "Sorry" for. Properly. They're not very good at that though, and in fact some things I'm pretty sure they're not /allowed/ to apologise for.

I'd like to be unbanned there, really just for the community events stuff and gameplay advice, but as for the rest of it - no thanks, there's no fixing it now without Sega changing a few attitudes and the way they communicate with customers. If they asked me to moderate for them (don't laugh but I did offer), I'd do it though - because the community deserves better than it's getting.

*feels the urge to post on official forums*

with the current "our way or the highway, complaining is trolling" approach there's precious little else to recommend it. I could tell you what a friend got infracted for a day or so ago, but you just wouldn't believe it. I didn't, he didn't, nobody did, but there it was.
I think Edward's gone off the deep end. I got an infraction for asking a question (pertaining to the topic) which was labeled as "off-topic" and "trolling/complaining". All of a sudden there's a large intolerance of comparing our version to the JP.

The world is coming to a end.

Pika, pika...pikachu. Getting back on topic...I don't feel sorry what is happening to Sega right now. That may sound harsh but I've seen and heard some things that didn't make me feel inclined towards sympathy after the first several months of posting on their official forum. Chickens coming home to roost as far as I'm concerned.

Yeah, and that's kind of an awful way of looking at it.

This is very funny coming from you. I know it just kills you that you don't have anywhere to flaunt your authority right now.

What? I'm just an average PSU player, see my status?

Back on topic tho, Sega forums are fun to visit. I usually keep one tab open to netflix, the other to Sega forums. I hope Sega the best with their forums, there's a certain thread I have to get back to.

^-^

Oh my, whatever shall I do?

everyone on this thread is g@y until i posted.That's nice.
What? I'm just an average PSU player, see my status?I could launch a bitting diatribe sailing on a veritable sea of invectives right here, but I'll refrain from doing so. I will, however, say this:

I do not like you and I think you are very bad at your job.

That's nice.I could launch a bitting diatribe sailing on a veritable sea of invectives right here, but I'll refrain from doing so. I will, however, say this:

I do not like you and I think you are very bad at your job.

May I ask your name on the Sega forums?

do u know who i am. i'm LiL HiLLiE. the gay dicksucker.

cool story bro.

So does this mean GAR will be extended? i hope they still do maintenance this week coming ..

So does this mean the end of segac? or will it still go on?

So does this mean the end of segac? or will it still go on?

Seeing as all that the hackers obtained was e-mail addresses, passwords, usernames, and birthdays (or any other info that might have been on the users profile) I doubt it.

The prolonged downtime is probably more to do with them rewriting their security or something. They'll be back eventually, and considering that it's only the websites that are affected, and not the game, I'd say that it's pretty much business as usual.

Seeing as all that the hackers obtained was e-mail addresses, passwords, usernames, and birthdays (or any other info that might have been on the users profile) I doubt it.

The prolonged downtime is probably more to do with them rewriting their security or something. They'll be back eventually, and considering that it's only the websites that are affected, and not the game, I'd say that it's pretty much business as usual.

Ok thanks for reassuring me i was starting get scared for a second..

I'm still unsure what the hackers angles are.. World domination? Money? :-? For what they call "lulz".. All I know is constantly having to change my pw for like my millions of online accounts is getting repetitive. Haha.:(

This is why you keep your software updated.

Hacking is now a new trend I see. Will it ever end?

Hacking is not a new trend by any means. They're like earthquakes in that it happens pretty much constantly. Usually it's minor events, failures, and quiet successes that nobody notices since no damage is done. It takes a major breech (like Sony's) to get people's attention, after which you tend to get more news coverage and start noticing a lot more minor/moderate events. Especially if it inspires copycat attacks. It's more likely an illusion of selective perception (similar to how many people now think that there's been an increase in the frequency of major quakes over the last few decades, even when there haven't been).


Since SEGA's been hacked, I wonder if that means the hackers have access to our PSU character information. That would suck.

Yeah, I'd sure hate to log into my PS2/PC account only to find all my characters had been deleted!



We always enjoy laughing at our mighty men and women in blue, who always manage to create a new definition of things in their own little world and apply it to everyone.

Yeah, but everybody does that, especially in subjects we're not familiar with but still have to deal with. English is replete with words that have the same pronunciation and spelling, but have multiple meanings depending on the context. Especially when moving from a lay vocabulary to a professional one... like science or LAW. Still, by your given definition, the GameShark code kiddies from PSO are supposed to be called hackers.... but I'll never see them that way. I don't see how that description fits the functional or educational difference between someone copying codes they found on the web into a cheat device and someone who can navigate into and gain access to a secured server. Yeah, there are some smart and talented people in the GS community who were responsible for generating the codes, and even moreso in the community which generated the private servers for PSO and (wip) PSU. Many of them definitely fit my conception and could be considered hackers. But little SSJGokuroth who had his mommy buy him a GameShark for his birthday so he can NOL strangers? That's not a hacker.

(Unless by "hacker" you mean he's constantly hacking up copious amounts of hobo spunk from his lungs)


99.99% of the time a hack occurs is because a vulnerability was exposed within the system itself. I find that hacking a program is actually a good thing if done correctly. Some of the most important hacks we all know and love are Patches and Updates. All they do is actually override code with stronger code.

Yeah, and I agree that constructive hacking can be an extremely beneficial tool for improving software and online security. But the flip side of the coin is that no system or software has ever been created, or will likely ever be created, that is totally without vulnerabilities. The right hacker with the right skills will vivisect anything you can throw at them given time. So we end up with a Red Queen scenario where you have to run faster and faster just to stay in the same place. You can only improve your code to make it more secure, but you can never attain total security.

Yeah, I'd hate to log into my PS2/PC account only to find all my characters had been deleted.

I was talking about the 360 servers, as those are still in operation. But, as it stands, I'm sure that our data is safe in that respect.

You're kidding right?

Ok....Lets try an exercise to answer the following question:

Of all the places on the face of the planet one would choose to hack, what would be the your choice? I bet you the majority would not say SEGA, which proves my point exactly. SEGA making up the idea they were hacked to be able to do as they please with accounts and information, blame any target group and also collect on the insurance.

Sorry, but I smell a scandal here. Even a 5th rate hacking group of all places would not choose SEGA. ^_^

So who figures this was just a hackbot (a lot like a spambot but with more SQL inserts instead of cheap viagra) and not someone actively hunting down Sega? I wouldn't put it past Sega to be so vulnerable.




Something as simple as posting an off-topic response in a thread will get you banned for two weeks. It is really quite bad. That's why I'm not such a huge jerkface as I was on PSU Official.B-b-but this post is off topic! :(

On that same target, why would hackers bother with Nintendo, Bethesda or any other game corp? They're around as useless as SEGA would be in the aspect of gaining anything.

I was talking about the 360 servers.

Yeah, I know. I'm just still a bit bitter about all that, and I wanted to let everyone know just in case there was any confusion. I might be a little bit less bitter if I had an Xbox 360 with a working DVD drive in it so I could play the 360 version once in a while. I guess I could get the on-demand version and still play it off the hard-drive, but after buying four copies of PSU already (PC/PS2/360/Gift for a friend)... I've come to the realization that; ya know what? Fuck em. I'm tired of buying the same game over and over and over again, which has apparently been a long-standing habit of mine with Phantasy Star games. I have so many versions of Phantasy Star I-IV, I could turn them all on at once and practically have my own harem full of Alis Landales.

Sorry, but I smell a scandal here.

What.

Of all the places on the face of the planet one would choose to hack, what would be the your choice? I bet you the majority would not say SEGA, which proves my point exactly. SEGA making up the idea they were hacked to be able to do as they please with accounts and information, blame any target group and also collect on the insurance.

I don't think Sega is that clever.

Maybe you're right, but it also seems to me that Sega has had numerous issues just trying to keep their various servers up and running sable. I missed a little over half the first MAG event due to such issues. Hell, most of their major events seems to have at least one signature "glitch" or other issues which lock out a portion of their user base due to billing errors, or invalid authentication, or just plain shutting off because the AC for the office the servers are in broke and major corporations are just as impotent as us little people in trying to get a handy-man out to fix it past 9-5 or over a weekend.

Why hit Sega? Because they're perceived as an easy target? Because the Nintendo hacking attempt was lame, and Sega was long the flip side of that coin? Because they're still considered a big name game developer who's well recognized due to their history as a console manufacturer? Because if they messed with Microsoft, Bill Gates would lock them in a small room with an open jar full of mosquitoes carrying Aids and Malaria (like he did at that one TED conference).

Who knows. But just because you think it's beneath the major hacking groups you're familiar with, or because you can't think of a reason why they should be hacked, that doesn't mean that it wasn't a legitimate break-in by an unaffiliated third party. Hell, maybe Take-Two is venting their frustration at Duke Nukem Forever's bad reception by engaging in some corporate sabotage? If you like conspiracies, maybe the CIA is hitting numerous companies to little effect as a way to demonize online "hack"tivism and toughen up legislature & regulations so that it's easier for them to go after the real "cyber terrorists". Like Wikileaks. :roll:

I just don't think there's enough available evidence or details to warrant a suspicion of what they're telling us at this time. If you're not buying it, then that's perfectly alright. It's just that I'm not buying what you're selling either, ya know.

SEGA making up the idea they were hacked to be able to do as they please with accounts and information, blame any target group and also collect on the insurance.


Haha, oh wow.

Sega is selling all our account names and birthdays for millions of dollars on the black market as we speak.

It's a good thing I never bothered to even sign up on the sega forums in the first place.

Sega is selling all our account names and birthdays for millions of dollars on the black market as we speak.

To be completely honest I don't think anyone's PSU account would be anywhere near a million dollars........

To be completely honest I don't think anyone's PSU account would be anywhere near a million dollars........

I'm just glad I bought that insurance policy on all my meseta and rares.

I'm just glad I bought that insurance policy on all my meseta and rares.

Pft, insurance is for women.

I highly doubt it's a scandal or some sort of hoax to sell our accounts on the black market. I'd like to think that this is just a small-bit white-hat hacker who happened to strike just before the week-end, thus making repair slow.

Surely you jest?

Maybe they are switching back to phpBB.

Oooo look at all the old accounts burst back into life!

I haven't posted here regularly since the first day of the PSOBB Beta.

You're kidding right?

Ok....Lets try an exercise to answer the following question:

Of all the places on the face of the planet one would choose to hack, what would be the your choice? I bet you the majority would not say SEGA, which proves my point exactly. SEGA making up the idea they were hacked to be able to do as they please with accounts and information, blame any target group and also collect on the insurance.

Sorry, but I smell a scandal here. Even a 5th rate hacking group of all places would not choose SEGA. ^_^

Agreed.

I hope the official forums is up soon, this is kinda boring.

I hope the official forums is up soon, this is kinda boring.

You will be waiting probably 2 weeks + bud.

You will be waiting probably 2 weeks + bud.
Nice! Lol.

right when i almost get unbanned for not paying one month and this has to happen. Now i dout ill ever be unbaned

right when i almost get unbanned for not paying one month and this has to happen. Now i dout ill ever be unbaned

You can't get banned for not playing/paying. That just stops access to the servers. All of this is done through XBL.

I wish it was back up... i have stuff to sell!

I don't think Sega is that clever.

Maybe you're right, but it also seems to me that Sega has had numerous issues just trying to keep their various servers up and running sable. I missed a little over half the first MAG event due to such issues. Hell, most of their major events seems to have at least one signature "glitch" or other issues which lock out a portion of their user base due to billing errors, or invalid authentication, or just plain shutting off because the AC for the office the servers are in broke and major corporations are just as impotent as us little people in trying to get a handy-man out to fix it past 9-5 or over a weekend.

Why hit Sega? Because they're perceived as an easy target? Because the Nintendo hacking attempt was lame, and Sega was long the flip side of that coin? Because they're still considered a big name game developer who's well recognized due to their history as a console manufacturer? Because if they messed with Microsoft, Bill Gates would lock them in a small room with an open jar full of mosquitoes carrying Aids and Malaria (like he did at that one TED conference).

Who knows. But just because you think it's beneath the major hacking groups you're familiar with, or because you can't think of a reason why they should be hacked, that doesn't mean that it wasn't a legitimate break-in by an unaffiliated third party. Hell, maybe Take-Two is venting their frustration at Duke Nukem Forever's bad reception by engaging in some corporate sabotage? If you like conspiracies, maybe the CIA is hitting numerous companies to little effect as a way to demonize online "hack"tivism and toughen up legislature & regulations so that it's easier for them to go after the real "cyber terrorists". Like Wikileaks. :roll:

I just don't think there's enough available evidence or details to warrant a suspicion of what they're telling us at this time. If you're not buying it, then that's perfectly alright. It's just that I'm not buying what you're selling either, ya know.

Bill Gates is a coward who failed to stand up for himself many times. His OS has more system crashes due to Windows General Protection Faults and they have mislead many.

Think I am making this up? Here is a screenshot from years ago. Take a look at my process list:

http://www.smashmybrain.com/screenshots/StrippedXP.JPG

Wow...where did all the processes go? The ones we are told to keep active for our security? I can cite 1000s of examples from many programs proving that there is more malicious code in commercial software than what hackers will put together which is one reason why the Open Source movement is important. I can actually SEE THE CODE and COMPILE THE CODE and run the application and feel safe, compared to the pack of lies companies sell you. How is that for conspiracy theories?

"SEGA SEEMS?" or don't you mean "SEGA HAS PROBLEMS AND EVERYONE KNOWS IT?" Afterall they are "Claiming that they were HACKED...I'm sure that we can agree that would be a major problem right?"

When you work in a field where everything is not what it seems and the lines are redrawn daily, you don't look at "good and evil" or "black and white." All you look at is what is there and what is about to happen..You suspect because your gut feeling along from years of experience yields predictability.

Reminds me of the US government bail out plan where one company wanted a bailout...and all of a sudden companies said "Oh look, its free money from the people" and all started lining up and filing claims of financial troubles just to be giving a nice government stipend while the people suffered and most companies never paid the money back taken from the people.

When you work in a field where everything is not what it seems and the lines are redrawn daily, you don't look at "good and evil" or "black and white."

Oh my, you have fallen a long way down the rabbit hole.

Sega would not pretend to be hacked, the reputational damage is too high, just look at what happened to their share prices yesterday. A rational person understands that 5% of your company value is a lot more money than a database of emails is worth. If they wanted to give away our details, all they'd have to do is amend the privacy policy to include sharing data with partners, and watch all the apathetic users fail to complain about it.

It seems far more likely to be one of the following two options:
1) Lulzsec did it even though they say they didn't.
2) Someone else did it for fun, or 'just because they could'.

It's more likely to be a reaction to the CEO of Sega recently saying they'd increased their security measures, going public with comments like that just encourages people to start picking away at things.

It wouldn't surprise me if the attack method was in some way related to the fact that they moved the forum into the Amazon cloud recently, maybe it left the Sega Pass authentication a little more exposed than it should have been, everything was in an enclosed network before that, as far as I'm aware. That is wild speculation though.

It wouldn't surprise me if the attack method was in some way related to the fact that they moved the forum into the Amazon cloud recently, maybe it left the Sega Pass authentication a little more exposed than it should have been, everything was in an enclosed network before that, as far as I'm aware. That is wild speculation though.


I'm betting this is the case, as Sony was also using the cloud as well.

Maybe these people are trying to prove a point that cloud computing isn't the way to go, it's incredibly insecure.

No, that's not what I'm suggesting, there's no reason a self contained cloud based forum would be any less secure than one on a bit of hardware. Despite the marketing spin, 'cloud provision' is just a virtual machine at the end of the day, no different to co-location. My speculation was that the forum needs to have some way of talking to the Sega Pass authentication, and remote hosting opened the door for 'other' things to have a poke at a system that had previously been entirely behind closed doors.

I would stress again though, it's pure speculation :) Could just have easily been anything else. I'm not expecting them to ever tell us.

Oh my, you have fallen a long way down the rabbit hole.

Sega would not pretend to be hacked, the reputational damage is too high, just look at what happened to their share prices yesterday. A rational person understands that 5% of your company value is a lot more money than a database of emails is worth. If they wanted to give away our details, all they'd have to do is amend the privacy policy to include sharing data with partners, and watch all the apathetic users fail to complain about it.

It seems far more likely to be one of the following two options:
1) Lulzsec did it even though they say they didn't.
2) Someone else did it for fun, or 'just because they could'.

It's more likely to be a reaction to the CEO of Sega recently saying they'd increased their security measures, going public with comments like that just encourages people to start picking away at things.

It wouldn't surprise me if the attack method was in some way related to the fact that they moved the forum into the Amazon cloud recently, maybe it left the Sega Pass authentication a little more exposed than it should have been, everything was in an enclosed network before that, as far as I'm aware. That is wild speculation though.

...and why would you move the system into Amazon Cloud to begin with? See how a lot of things do not make sense?

You clearly did not understand my words and turned them the wrong way.

"Hi, my name is X...I'm going to hack SEGA because I can....yeah, that's right! Somehow I feel confident that I can hack SEGA and know exactly what to do. Yeah! There are not other companies I rather hack than SEGA, since SEGA is so popular and advertised everywhere and I care about their great online games like Major League Baseball Online or Phantasy Star...and they get so much airtime of all my 1000s of friends, a total of like...five people counting myself know of these GREAT and AMAZING titles....

.....so yeah, I'll go hack SEGA since I really want to impress the whole world who cares so much about SEGA and plays their games night and day...maybe someone will notice me in my loneliness...Oh ok...I think I'll go crawl in my hole and beat myself until they lower their shields and PRESTO!...Have so much Database Information I haven't the tiniest clue on what the hell to do with...but yeah ok"

Is this what you propose to defend? ^_^

...and why would you move the system into Amazon Cloud to begin with? See how a lot of things do not make sense?

To increase performance while saving local bandwidth, both of which had clearly been an issue for months.

...and why would you move the system into Amazon Cloud to begin with? See how a lot of things do not make sense?

You clearly did not understand my words and turned them the wrong way.

"Hi, my name is X...I'm going to hack SEGA because I can....yeah, that's right! Somehow I feel confident that I can hack SEGA and know exactly what to do. Yeah! There are not other companies I rather hack than SEGA, since SEGA is so popular and advertised everywhere and I care about their great online games like Major League Baseball Online or Phantasy Star...and they get so much airtime of all my 1000s of friends, a total of like...five people counting myself know of these GREAT and AMAZING titles....

.....so yeah, I'll go hack SEGA since I really want to impress the whole world who cares so much about SEGA and plays their games night and day...maybe someone will notice me in my loneliness...Oh ok...I think I'll go crawl in my hole and beat myself until they lower their shields and PRESTO!...Have so much Database Information I haven't the tiniest clue on what the hell to do with...but yeah ok"

Is this what you propose to defend? ^_^
Most people hack things to prove that they can and they do not do it because they are seeking fame. I am really amused at what you are saying please continue...

...and why would you move the system into Amazon Cloud to begin with? See how a lot of things do not make sense?



Just one example of how uninformed you are on the situation. If you've paid any attention at any point in time, you'd have a rational thought.

@THLPSC

..and I am sure you have explicit and direct proof of this...such as statistics, surveys and reports claiming the majority of coders/programmers who hack use it to break into system and showoff?

Please leave the discrimination at home. The great majority of hackers spend their time writing code to improve things, not to destroy. Yesterday I wrote a hardware hack to cut my loading times in psujp by 1/2, which also affect changing weapons. The night before I fixed the AA compatibility layer to allow my Nvidia card to AA PSU. I've been working on an EXE optimizer for a while now to put it all together, which involves more hardware hacks than software hacks..

please tell me that I am doing it to "Show Off" to some group. Please tell me that the hacking I did on my own servers was to try to make other peoples lives miserable. I really do not know where you get your stories and ideas from.

@Powder Keg

I know the architecture, networking and topography of a Cloud. In fact I've optimized Cloud Systems to work and they are fabulous for my own use, however I know the strengths and weaknesses of cloud systems as I've worked with them.

Please learn about strengths and weaknesses for yourself (and I don't mean wikipedia or some flaky site about the matter) and then come back and post about "Cloud" and you will find out that my original post made more than enough sense.

@THLPSC

..and I am sure you have explicit and direct proof of this...such as statistics, surveys and reports claiming the majority of coders/programmers who hack use it to break into system and showoff?

Please leave the discrimination at home. The great majority of hackers spend their time writing code to improve things, not to destroy. Yesterday I wrote a hardware hack to cut my loading times in psujp by 1/2, which also affect changing weapons. The night before I fixed the AA compatibility layer to allow my Nvidia card to AA PSU. I've been working on an EXE optimizer for a while now to put it all together, which involves more hardware hacks than software hacks..

please tell me that I am doing it to "Show Off" to some group. Please tell me that the hacking I did on my own servers was to try to make other peoples lives miserable. I really do not know where you get your stories and ideas from.

@Powder Keg

I know the architecture, networking and topography of a Cloud. In fact I've optimized Cloud Systems to work and they are fabulous for my own use, however I know the strengths and weaknesses of cloud systems as I've worked with them.

Please learn about strengths and weaknesses for yourself (and I don't mean wikipedia or some flaky site about the matter) and then come back and post about "Cloud" and you will find out that my original post made more than enough sense.

Another great post keep them coming!

Keilyn is leet hax yo. i think hes right on the money with this....

Another great post keep them coming!

Say that at your own risk, lol.

@THLPSC

..and I am sure you have explicit and direct proof of this...such as statistics, surveys and reports claiming the majority of coders/programmers who hack use it to break into system and showoff?

Please leave the discrimination at home. The great majority of hackers spend their time writing code to improve things, not to destroy. Yesterday I wrote a hardware hack to cut my loading times in psujp by 1/2, which also affect changing weapons. The night before I fixed the AA compatibility layer to allow my Nvidia card to AA PSU. I've been working on an EXE optimizer for a while now to put it all together, which involves more hardware hacks than software hacks..

please tell me that I am doing it to "Show Off" to some group. Please tell me that the hacking I did on my own servers was to try to make other peoples lives miserable. I really do not know where you get your stories and ideas from.

@Powder Keg

I know the architecture, networking and topography of a Cloud. In fact I've optimized Cloud Systems to work and they are fabulous for my own use, however I know the strengths and weaknesses of cloud systems as I've worked with them.

Please learn about strengths and weaknesses for yourself (and I don't mean wikipedia or some flaky site about the matter) and then come back and post about "Cloud" and you will find out that my original post made more than enough sense.

You know lad same question to ya. I bet you got some sources and stuff that specify that hackers do what they do to benefit things... you know besides themselves? Look at what these current hackers been up to. What has benefited from lulzsec hacking into Sony or the US Government or anyone else they've hacked already? You can argue the "need to improve security leaks" but is lulzsec actually going in and hacking in better security fixes?

It must be a terrible curse to have so much book-smarts and know-how, yet have next to zero common sense.

I must be a terrible curse to have so much book-smarts and know-how, yet have next to zero common sense.

how sad :(

It must be a terrible curse to have so much book-smarts and know-how, yet have next to zero common sense.

Yeah, I totally agree....but it's worse that people are led by a first impression.

"Current hackers" DOES NOT EQUAL "all hackers."

Such discrimination is unworthy...the idea that if one group does something that every hacker out there whether they are employed by software developers or out on their own must pay in blood for the will of one group.

People always "blame" the hackers for everything. Have you any idea the sheer number of times in my own servers people cry "HACKER" because they decided to FTP something to the server and since they don't know how file permissions work they chmod everything in their directory to 777 and the very next day find to see their data deleted and start crying hacker!

SEGA getting hacked? yeah sure.....

"Hi, we are SEGA, we let a forumboard run a private PSObb server and we knowingly did not contain it...as they hacked the hell out of our game and stole profits from us, but who cares? We have the original version that is uber elite in comparison to the trashy version we sent them and made money from it. Then "MAGICALLY" two days after the PSU server closed down, the same exact location that ran a private psobb server just HAPPENED to get a working console to run a PSU server to begin test work on...Oh yeah lets not forget we were given instructions prior to the closing of the server on how to claim save data for new server...suggesting we leaked it ourselves prior to closing and part of the server was active prior to our closing or our beloved NA/EU pc/ps2 server"

People talk about SEGA getting hacked, but SEGA itself has LET people hack them and get away with products. Not to mention server leaks, Denial of Service Attacks. Network problems and even threats reported over the years...

I have never played another online video game that was as disorganized as SEGA has been as a company. Maybe we should talk about if SEGA is even capable of defending itself from such threats due to how disorganized they have proven to be over the years.

You are so uninformed it's not even funny. The private PSOBB servers were up and running long before the official servers went down. If I remember correctly they based it on the Gamecube and Dreamcast server code and then modified it to make it work for PSOBB. Sega didn't give them any files.

As for the private PSU server, you have no idea what you are talking about. Sega didn't give them anything. It's being made entirely by research and reverse engineering. People were logging packets and trying to reverse engineer it months before the official servers went down. That's why an extremely buggy version of a server was up shortly after the official servers went down. People had already been working on it.

I only know of one incident of a GM letting a hacker get away with hacking on the PC servers. And I won't go into details on that here.

Sega however did NOT hand the server files over on a silver platter to the people running private servers. Those have been created by research and reverse engineering.

Well look at what the general public sees. People maliciously revieling their personal information to the public. Something that they had given trust to the company they applied for could keep safe for them. What do you think they'd say to that. Oh gee, lulzsec is doing us a favor by reveling my info and exploiting me from identity fraud or whatever.

Or gee, sure am glad mxpumpitup made that trojan hack its way into my PC because i wanted to learn more about DDR!
There is nothing but bad rep coming to hackers because that is all that the general public see. I sure don't hear anything about benefits of hackers or i guess COMPUTER SPECIALISTS are doing to the general public.

Why don't you show us what wonderful things these COMPUTER SPECIALISTS have done for us the general public and maybe just maybe people will be so less "discriminatory" to them.

I wonder what the Japanese forums are like.

I wonder what the Japanese forums are like.
I would guess so since it was "Sega" That got hacked, but then again who does know? Lol.:-D

Do they even have official forums o_o

There are no Japanese forums.

Oh, i figured if there were it would be like an alternate universe.

the japanese are so elite apparently so they dont need forums.they just get the best service!

the japanese are so elite apparently so they dont need forums.they just get the best service!

No, they use 2ch. And other communication services like anyone else. :???:

"Current hackers" DOES NOT EQUAL "all hackers."

Such discrimination is unworthy...the idea that if one group does something that every hacker out there whether they are employed by software developers or out on their own must pay in blood for the will of one group.

People always "blame" the hackers for everything. Have you any idea the sheer number of times in my own servers people cry "HACKER" because they decided to FTP something to the server and since they don't know how file permissions work they chmod everything in their directory to 777 and the very next day find to see their data deleted and start crying hacker!

SEGA getting hacked? yeah sure.....

"Hi, we are SEGA, we let a forumboard run a private PSObb server and we knowingly did not contain it...as they hacked the hell out of our game and stole profits from us, but who cares? We have the original version that is uber elite in comparison to the trashy version we sent them and made money from it. Then "MAGICALLY" two days after the PSU server closed down, the same exact location that ran a private psobb server just HAPPENED to get a working console to run a PSU server to begin test work on...Oh yeah lets not forget we were given instructions prior to the closing of the server on how to claim save data for new server...suggesting we leaked it ourselves prior to closing and part of the server was active prior to our closing or our beloved NA/EU pc/ps2 server"

People talk about SEGA getting hacked, but SEGA itself has LET people hack them and get away with products. Not to mention server leaks, Denial of Service Attacks. Network problems and even threats reported over the years...

I have never played another online video game that was as disorganized as SEGA has been as a company. Maybe we should talk about if SEGA is even capable of defending itself from such threats due to how disorganized they have proven to be over the years.


As a staff member of that PSO private server, I can definitely call bullshit on your post. :-)

Sega never gave us or sold us anything, for starters, our server opened up back in 2003 using reverse engineering alone using just the bare basics for supporting PSOPC v2 at first before expanding to other platforms.

Getting BB to function required a hell of a lot more effort to get working properly and required a lot of packet logging and reverse engineering as well as the admin's own code to get working to a playable state. Even to this day BB is still not 100% bug free. Sega just didn't know we were doing it. Their security for PSO really wasn't the best out there.



Also, we didn't have anything to do with the PSU private servers, that was all Essen's and nyuzero's doing. Packet logging using proxies can go a long way provided you know how to get around the encryption.

When i go to phantasystaruniverse.com it says "Hi! How are you?" Really weird....

That's extremely weird...mine just says "The site is currently offline while we carry out some essential maintenance. We are sorry for any inconvenience and expect it to be available very soon."

That's extremely weird...mine just says "The site is currently offline while we carry out some essential maintenance. We are sorry for any inconvenience and expect it to be available very soon."

no it says "Hi. How are you?" it's really strange lol

www.phantasystaruniverse.com

you're looking at the forums :P

Not for me.

Weird, the first time I clicked on the link the "Hi. How are you?" was there, now not anymore.

that's kinda creepy :(

As a staff member of that PSO private server, I can definitely call bullshit on your post. :-)

Sega never gave us or sold us anything, for starters, our server opened up back in 2003 using reverse engineering alone using just the bare basics for supporting PSOPC v2 at first before expanding to other platforms.

Getting BB to function required a hell of a lot more effort to get working properly and required a lot of packet logging and reverse engineering as well as the admin's own code to get working to a playable state. Even to this day BB is still not 100% bug free. Sega just didn't know we were doing it. Their security for PSO really wasn't the best out there.



Also, we didn't have anything to do with the PSU private servers, that was all Essen's and nyuzero's doing. Packet logging using proxies can go a long way provided you know how to get around the encryption.

Two wrongs do not make a right.

Reverse Engineering is illegal in any form and the EULA clearly states you will not reverse engineer anything for your own doing or gain. The fact SEGA allowed such a thing to exist without being SUED COMPLETELY out of everything you have as every other game with a PRIVATE SERVER deals with OFFICIAL RESPONSE 99% of the time unless the operation is dead localized is more than puzzling.

Specially as Japanese Companies are known for Effectively going after anyone if it means they can make money from it and protect their products.

One thing I despise about hacking groups as I am a hacker myself in network programming and parallelism simply is the sheer amount of people who do the work and then attempt to convince others that by their will....and reasoning that somehow their work is more legit than others and should be "spared" from prosecution to those who willingly break the law. Always a "freedom fight" and public opinion supporting breaking laws by self-centered natures to always get away not having to pay for anything.

So please....


Stay quiet as the Statute of Limitations for your Infraction is not up.

Amazing that I write network code and modifications for games and set up servers and have permission, but my name gets smeared by the percentage of the people who try to look all official and crap from actually breaking the law and servicing others through it.

I want you to post the letter from the LOCALIZED COMPANY + The PARENT COMPANY (SEGA) that gave you the right to reverse engineer a product PRIOR to the fact and not DURING OR AFTER. I know the law pretty well and you would need both letters Including a Special License you would have to agree with (a new EULA) to be official.

Hey smug-face, SEGA could really care less about private servers. Hell, one of SoA's HR staff members (RubyEclipse) played on one of them for some time.

one can only hope that private servers will someday screw Keilyn out of a job...

I want you to post the letter from the LOCALIZED COMPANY + The PARENT COMPANY (SEGA) that gave you the right to reverse engineer a product PRIOR to the fact and not DURING OR AFTER. I know the law pretty well and you would need both letters Including a Special License you would have to agree with (a new EULA) to be official.

Where's yours?

I want you to post the letter from the LOCALIZED COMPANY + The PARENT COMPANY (SEGA) that gave you the right to reverse engineer a product PRIOR to the fact and not DURING OR AFTER. I know the law pretty well and you would need both letters Including a Special License you would have to agree with (a new EULA) to be official.

Uh-oh! Zer0, you're getting called out...I think. Not that anyone cares what this windbag says, though.

http://www.flamewarriors.com/Assets/blowhard.jpg

Interesting

I dont run private servers to PSObb, nor would I want such a responsibility. I run servers to more interesting games which I actually have "permission."

The thread itself is about SEGA getting hacked and one of the most irregular things that did happen is the fact that SEGA itself does not protect their Internal or External Assets. They allowed a group to launch a private server without any form of major retaliation as its an open and shut case as its that clear on SEGA's behalf....

Now if SEGA can't contain internal threats to their assets, imagine their ability to contain an external threat such as a "hacking group." To this day Phantasy Star Online is the only game I have played where upon launching a private server I haven't seen companies sue everyone to submission. Presently almost every major game has private servers and as soon as the main company gets aware of it or it becomes popular enough the company actually has it shutdown.

What tends to happen is to escape prosecution, these servers get launched in Romania, The Netherlands or even China where they can escape prosecution.

My previous post was also a test...to see how much people truly knew. I will state that those who have replied have failed the test. I intentionally wrote something flawed that would allow a smart person who truly knows inside and out the law in this matter would have instantly gotten the precise scope of what one is liable for and what one isnt. It has to do with Local vs National vs International Interpretation of the Law along with how the Law was Amended several times in the future to the matter.

My point is that most hackers out there who know their grain of salt work a very thin line too...and many know of their Rights and since they operate on such a thin line, They do so with the defense of the law itself for their own protection. You won't find a high-end hacker who is incapable of self-defending their own court cases as a problem arises that many "law abiding" companies love to employ hackers and since a hacker knows they are the first to be screwed they actively make sure no one who hires them has any legitimate way of screwing them over.

I know this pretty well, when I was in a programming team and upon 92% of the project was finished to prevent us from paying us any Royalties, as usual a company fires its main programmers and gets a team of chinese or indians to finish the code....most of us Encrypted the software in a way they could not break it, and since we still had legal copies of our contracts and the way companies defaulted on it...No company would want its reputation smeared so after a few weeks of failure to break the Encryption...What do you know...a Phone Call goes out to rehire the old programming team...Gee I wonder why?

This is a very common trend in the computer world. Like I said before.....Computer Scientists have as many rights as miners and pier-workers did in the 1920s.

So far the people who have replied in this thread have been a self-centered disappointment. My goal isn't to make enemies nor to make friends here. I trust and care really only about people who are in-game who actually play in-game and actively do things together.

I am not shallow enough to believe I should care about my standing in any online forum or community. I don't let people define my worth and although I deal with a lot of crap for it, at least the ball is mostly in my court.

I dont run private servers to PSObb, nor would I want such a responsibility. I run servers to more interesting games which I actually have "permission."

The thread itself is about SEGA getting hacked and one of the most irregular things that did happen is the fact that SEGA itself does not protect their Internal or External Assets. They allowed a group to launch a private server without any form of major retaliation as its an open and shut case as its that clear on SEGA's behalf....

Now if SEGA can't contain internal threats to their assets, imagine their ability to contain an external threat such as a "hacking group." To this day Phantasy Star Online is the only game I have played where upon launching a private server I haven't seen companies sue everyone to submission. Presently almost every major game has private servers and as soon as the main company gets aware of it or it becomes popular enough the company actually has it shutdown.

What tends to happen is to escape prosecution, these servers get launched in Romania, The Netherlands or even China where they can escape prosecution.

My previous post was also a test...to see how much people truly knew. I will state that those who have replied have failed the test. I intentionally wrote something flawed that would allow a smart person who truly knows inside and out the law in this matter would have instantly gotten the precise scope of what one is liable for and what one isnt. It has to do with Local vs National vs International Interpretation of the Law along with how the Law was Amended several times in the future to the matter.

My point is that most hackers out there who know their grain of salt work a very thin line too...and many know of their Rights and since they operate on such a thin line, They do so with the defense of the law itself for their own protection. You won't find a high-end hacker who is incapable of self-defending their own court cases as a problem arises that many "law abiding" companies love to employ hackers and since a hacker knows they are the first to be screwed they actively make sure no one who hires them has any legitimate way of screwing them over.

I know this pretty well, when I was in a programming team and upon 92% of the project was finished to prevent us from paying us any Royalties, as usual a company fires its main programmers and gets a team of chinese or indians to finish the code....most of us Encrypted the software in a way they could not break it, and since we still had legal copies of our contracts and the way companies defaulted on it...No company would want its reputation smeared so after a few weeks of failure to break the Encryption...What do you know...a Phone Call goes out to rehire the old programming team...Gee I wonder why?

This is a very common trend in the computer world. Like I said before.....Computer Scientists have as many rights as miners and pier-workers did in the 1920s.

So far the people who have replied in this thread have been a self-centered disappointment. My goal isn't to make enemies nor to make friends here. I trust and care really only about people who are in-game who actually play in-game and actively do things together.

I am not shallow enough to believe I should care about my standing in any online forum or community. I don't let people define my worth and although I deal with a lot of crap for it, at least the ball is mostly in my court.

*wipes tear from eye* ...you're good.

So because Sega didn't sue ********, they are behind the private servers and hacking?

Did I read that right? Is that what he is now trying to say?

If this is the case did it ever dawn on you that maybe Sega doesn't want to waste time and money in lawsuits over private servers for games they don't support anymore when they could invest it in worthwhile things like PSO2?

For Sega to do anything SoJ would have to actually care about what happens to their products in the west.

Looking at PSU's current state outside of Japan, it's quite obvious that they don't.


I doubt SoA or SoE has the ability to file anything for a game that is no longer being run by the parent company. All they did was localize the game, SoJ still holds all sole rights to it (or at least they did until they shut down too) so it's up to them to decide to take action or not. By the time we supported PSOBB (and might I add it was buggy as hell then), PSU was already on the way and it was quite obvious that Sega was done caring about PSO by then.

So because Sega didn't sue ********, they are behind the private servers and hacking?

Did I read that right? Is that what he is now trying to say?

If this is the case did it ever dawn on you that maybe Sega doesn't want to waste time and money in lawsuits over private servers for games they don't support anymore when they could invest it in worthwhile things like PSO2?

I like how he keeps playing mix & match with the various contexts of 'hacking'. It's a flawed term, being abused in a flawed justification for a flawed argument.

His original stance was that Sega lied about Sega Pass being compromised, which is clearly incorrect. Anyone who really does work in the industry for a legitimate company, knows that the risk associated with losing customer information vastly outweighs any possible gain from giving it away.

As a disclaimer, I work for an .. extremely large processor of credit card data and therefore customer information. For any company, losing customer data is the cardinal sin, egg you can never wipe from your face. It loses you customers, it destroys your reputation in the market, it dissuades investors, and aside from all that opens you up to legal action both from customers and from regulatory bodies. For example, breaching data protection laws in the UK can result in £500,000 fines.

The last thing in the world you'd do is pretend it happened, most try to cover it up in fact when it does. In fact his entire argument is so mired in conspiracist dogma, that I'd be surprised if anything he's said has basis in fact unless it's retold from tech news sites. For example the Splatterhouse / BottleRocket debacle.