SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

Pierluigi Paganini January 03, 2022

SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket. SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket. 

At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported.

The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services along with MailChimp and Steam keys that allowed access to those services. in SEGA’s name.

“Researchers found compromised SNS notification queues and were able to run scripts and upload files on domains owned by SEGA Europe. Several popular SEGA websites and CDNs were affected.” reads the report published by VPN Overview.

sega vulnerabilities-hack-infographic-updated 2

The unsecured S3 bucket could potentially also grant access to user data, including information on hundreds of thousands of users of the Football Manager forums at community.sigames.com.

Below is the list of bugs in SEGA Europe’s Amazon cloud reported by the company:

FINDINGSEVERITY
Steam developer keyModerate
RSA keysSerious
PII and hashed passwordsSerious
MailChimp API keyCritical
Amazon Web Services credentialsCritical

The security firm states that there are no indications malicious third parties accessed the sensitive data or exploited any of the mentioned vulnerabilities prior to them.

The researchers reported that they were able to upload files, execute scripts, alter existing web pages and modify the configuration of critically vulnerable SEGA domains.

The list of affected domains includes downloads.sega.com, cdn.sega.com, careers.sega.co.uk, sega.com, and bayonetta.com. Many of the impacted domains have high domain authority scores.

The compromise of some of the company domain would have allowed attackers to distribute malware via SEGA’s infrastructure.

“In particular, the CDN at downloads.sega.com hosts *.pdf and *.exe files. Malicious parties would potentially use CDNs to distribute malware and ransomware. SEGA Europe made sure attacks involving their CDNs aren’t possible any longer.” continues the report.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, S3 bucket)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment