Posted on December 31, 2021 at 3:34 PM
A recent report has shown how easily Sega Europe could have fallen victim to a data breach. According to the report, cybersecurity researchers analyzing a Sega Europe database found that the company had failed to secure the information properly, leaving it vulnerable to a breach.
The researchers stated that the company had stored sensitive information on a publicly accessible database. This exposed some of the most trivial details about the company, which threat actors could have used to launch attacks.
Sega Europe could have suffered a data breach
The vulnerable data was discovered by researchers at the VPN Overview security firm. The researchers stated that the sensitive information was stored in a misconfigured Amazon Web Services (AWS) S3 bucket.
The researchers also noted that they were able to obtain several sets of AWS keys, which granted them read and write access to Sega Europe's cloud storage. This was easy to do, which raised the question of whether the company understood how exposed the information would have been had threat actors discovered the weakness first.
The misconfigured S3 bucket did not just contain sensitive company files that could reveal crucial details; it was also used to host the websites of some of Sega's most popular properties, including Sonic the Hedgehog, Bayonetta, Football Manager and Total War. The official Sega website was hosted there as well.
Collectively, 26 public domains controlled by Sega Europe were left vulnerable because of the information stored in the publicly accessible database. Researchers from VPN Overview noted that they were able to upload files, execute scripts, change existing web pages and alter the configuration of the vulnerable Sega domains.
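The public write access described above is visible in a bucket's policy document, and that is where a defender should check for it. The following script is an added example for this article, not code from the VPN Overview report or from Sega: it flags bucket policy statements that allow anyone to read or write, and the policy it runs on is a constructed sample, not Sega's real configuration.

```python
# Added example for this article, not code from the VPN Overview report or Sega:
# flag S3 bucket policy statements granting read or write access to everyone.
import fnmatch
import json

READ_ACTIONS = ("s3:getobject", "s3:listbucket")
WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject", "s3:putbucketpolicy")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean anyone on the internet.
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in _as_list(aws)


def _grants_any(patterns, wanted):
    # IAM action patterns may contain wildcards such as "*", "s3:*" or "s3:Put*".
    return any(fnmatch.fnmatchcase(w, p) for p in patterns for w in wanted)


def public_policy_findings(policy_json):
    """Return (level, Sid) pairs for unconditioned Allow statements open to everyone."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # conditioned grants (e.g. a source-IP restriction) need manual review
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        sid = stmt.get("Sid", "<no Sid>")
        if _grants_any(patterns, WRITE_ACTIONS):
            findings.append(("write", sid))
        elif _grants_any(patterns, READ_ACTIONS):
            findings.append(("read", sid))
    return findings


# Constructed sample: public read is normal for static website hosting, but the
# public write grant lets anyone replace the hosted pages and scripts.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "WebsiteRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site-bucket/*"},
    {"Sid": "OpenUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Put*", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-site-bucket/*"},
]})

if __name__ == "__main__":
    for level, sid in public_policy_findings(SAMPLE_POLICY):
        print(f"{level.upper():5} access open to everyone in statement {sid}")
```

A public read grant is expected for a bucket that hosts a static website; the finding that matters here is the write grant, and enabling S3 Block Public Access on the account would stop such a policy from being applied at all.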
Given the extent of the exposed information, both the websites and the company itself were at risk. In such cases, threat actors can breach these systems and extract information for use in attacks such as phishing or ransomware. Such information is also sold on the dark web, where other threat actors can obtain it, further compromising the company's security.
Email and cloud services were compromised
The VPN Overview investigation also recovered an API key for MailChimp, an email marketing service. The key allowed the researchers to send email messages from the address email@example.com.
The researchers then sent a series of test messages from this address. Every email they sent appeared legitimate and was delivered with TLS encryption.
After this, the researchers configured the templates available in MailChimp and created their own, since the key gave them full access to do so. They noted that the same applied to the Football Manager emails: the messages appeared to come from a legitimate user, which gave an external party access without the required permissions.
As such, these emails bypassed the email security checks. Had a threat actor identified and exploited this weakness, they could have used the same access to launch phishing campaigns, compromising user accounts by tricking people into handing over their personal details.
Phishing campaigns are among the most popular techniques with threat actor groups because they trick users into sharing their credentials and personal details. This information can later be used to compromise online accounts, and sensitive customer details can be sold to other threat actors looking to defraud users.
The report from VPN Overview also notes that the researchers managed to upload and replace files. This was done on three content delivery networks (CDNs) belonging to Sega.
In most cases, third-party websites link to a company's CDN to fetch the official version of an image or a file. The report noted that 531 additional domains affiliated with Sega Europe were affected as a result.
Consequently, an attacker could have abused the company's CDNs to distribute malware to user devices or to launch a ransomware attack for financial gain.
Had a threat actor discovered the database, the potential for a breach was massive. After the researchers from VPN Overview discovered the misconfigured S3 bucket, they contacted Sega Europe. The company has since secured the database, and the affected cloud services and software have been fixed.