Security lapse could have exposed Sega customers and employees to malware, ransomware and phishing attacks.
Sega Europe could have easily fallen victim to a data breach as security researchers recently discovered that the company had left sensitive files stored insecurely on a publicly accessible database. Researchers at the security firm VPN Overview found the files in question stored on a misconfigured Amazon Web Services ( AWS) S3 bucket. They were also able to obtain multiple sets of AWS keys that gave them read and write access to Sega Europe’s cloud storage. In addition to sensitive files, the misconfigured S3 bucket contained was also used to host websites for a number of popular Sega properties including Sonic the Hedgehog, Bayonetta, Football Manager and Total War as well as Sega’s official site.
