“We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems. We have identified that a subset of Sega Pass members’ email addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text,” the company said.
Sega uses external payment providers for all its premium services, so users’ payment details were not at risk from this intrusion.
Sega has reset all passwords and recommended anyone who uses the same or similar login information on other sites to change it immediately. The company also recommends users do not attempt to log in to the forums until it has sent out an all-clear notification.