.

Healthy Passwords

.

.

Sega Pass Website Breached

Date: 2011-06-18 08:58:21

On Thursday, June 16, 2011, Sega shutdown public access to it's Sega Pass network. Sega sent emails to it's users explaining breach including:

  • emails addresses

  • dates of birth

  • encrypted passwords

In the announcement, Sega said "To stress, none of the passwords obtained were stored in plain text."

Encrypted passwords are much better than other recent breaches at Sony and Writerspot, where the passwords were stored in plain text. Coming days will reveal the strength of the encryption used. If weak, publicly known, hashing algorithms were used, we may still see posted password lists in the near future.

It's time for companies to wise up. They should store usernames in a different place than passwords and join the two using meaningless keys. This makes it much harder to compromise a system, since the attackers must compromise two different systems to join the data. See It is Time for Website Login Credential Compliance Programs for ideas websites can use to improve authentication security.

June 20, 2011 - Update

According to Reuters, 1.3 million customers had data stolen

Category: Breach

Subcategory: Passwords

blog comments powered by Disqus
McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

 Subscribe in a reader

.

Leaf

Leaf

Home | Live CD Listing | Password Worksheet | Third Party Ratings | Purchase | Errata | Contact | News | News Archive | Legal

Copyright © 2011, Sustainable Alternatives, LLC | Ligonier, PA 15658 | 724-238-9560 | All Rights Reserved.

 Sustainable Alternatives, LLC BBB Business Review
Leaf

.

Leaf