Pierluigi Paganini
January 03, 2022
At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported.
The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services along with MailChimp and Steam keys that allowed access to those services. in SEGA’s name.
“Researchers found compromised SNS notification queues and were able to run scripts and upload files on domains owned by SEGA Europe. Several popular SEGA websites and CDNs were affected.” reads the report published by VPN Overview.
The unsecured S3 bucket could potentially also grant access to user data, including information on hundreds of thousands of users of the Football Manager forums at community.sigames.com.
Below is the list of bugs in SEGA Europe’s Amazon cloud reported by the company:
| FINDING | SEVERITY |
|---|---|
| Steam developer key | Moderate |
| RSA keys | Serious |
| PII and hashed passwords | Serious |
| MailChimp API key | Critical |
| Amazon Web Services credentials | Critical |
The security firm states that there are no indications malicious third parties accessed the sensitive data or exploited any of the mentioned vulnerabilities prior to them.
The researchers reported that they were able to upload files, execute scripts, alter existing web pages and modify the configuration of critically vulnerable SEGA domains.
The list of affected domains includes downloads.sega.com, cdn.sega.com, careers.sega.co.uk, sega.com, and bayonetta.com. Many of the impacted domains have high domain authority scores.
The compromise of some of the company domain would have allowed attackers to distribute malware via SEGA’s infrastructure.
“In particular, the CDN at downloads.sega.com hosts *.pdf and *.exe files. Malicious parties would potentially use CDNs to distribute malware and ransomware. SEGA Europe made sure attacks involving their CDNs aren’t possible any longer.” continues the report.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, S3 bucket)
[adrotate banner=”5″]
[adrotate banner=”13″]
