It would seem that SEGA had some security problems, fortunately returned: according to a report by VPN Overview , the software house would incorrectly configure one of its European servers, allowing third parties to upload files to different SEGA domains and potentially leaving the emails of over 250 thousand users.
VPN Overview was able to execute scripts on the sites accessible on the server and, through an API key of the Mailchimp email marketing service, stored incorrectly, they were able to access the list of addresses of which over it. It was also possible to access the associated IP addresses and passwords . According to the report, “an attacker could have created highly effective ransomware using SEGA's compromised email and cloud services” .
Fortunately, this security flaw was discovered by security researchers and was quickly fixed, so it shouldn't have been exploited by bad guys.
