Security News > 2022 > January > SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in an unsecured Amazon Web Services S3 bucket during a cloud-security audit, and it's sharing the story to inspire other organizations to double-check their own systems.
The laundry list of SEGA's potentially exposed data is nauseating - API keys, internal messaging systems, cloud systems, user data and more.
The VPN Overview report provided a detailed disclosure that the exposed bucket held "Multiple" sets of AWS keys, which could have provided malicious access to all of SEGA Europe's cloud services.
The keys to SEGA's Europe's MailChimp and Steam API keys were left unprotected, meaning attackers could have sent out communications through SEGA Europe's account, the report said.
The exposed S3 bucket could have also allowed access to both the simple notification service used by the company's IT team to communicate as well as 531 of SEGA Europe's content delivery networks, the team found.
The analysts were also able to access files on three SEGA CDNs. Gaming Companies' Data: 'Treasure Troves'.
News URL
https://threatpost.com/sega-security-aws-s3-exposed-steam/177352/
Related news
- Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket (source)
- API security blind spots put businesses at risk (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- Ransomware abuses Amazon AWS feature to encrypt S3 buckets (source)
- Attackers are encrypting AWS S3 data without using ransomware (source)
- Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked (source)