Security News > 2022 > January > SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
2022-01-04 20:49

Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in an unsecured Amazon Web Services S3 bucket during a cloud-security audit, and it's sharing the story to inspire other organizations to double-check their own systems.

The laundry list of SEGA's potentially exposed data is nauseating - API keys, internal messaging systems, cloud systems, user data and more.

The VPN Overview report provided a detailed disclosure that the exposed bucket held "Multiple" sets of AWS keys, which could have provided malicious access to all of SEGA Europe's cloud services.

The keys to SEGA's Europe's MailChimp and Steam API keys were left unprotected, meaning attackers could have sent out communications through SEGA Europe's account, the report said.

The exposed S3 bucket could have also allowed access to both the simple notification service used by the company's IT team to communicate as well as 531 of SEGA Europe's content delivery networks, the team found.

The analysts were also able to access files on three SEGA CDNs. Gaming Companies' Data: 'Treasure Troves'.


News URL

https://threatpost.com/sega-security-aws-s3-exposed-steam/177352/