A list of 27 user names and encrypted passwords allegedly for an Apple website was posted to the Internet over this past weekend along with a warning from hacker group Anonymous that the Cupertino-based computer maker could be a target of its attacks.
The list was posted to the Pastebin website, a hosting site for text files, by an unknown user under the title “Not Yet Serious.” It wasn’t immediately clear if the user is a member of the Anonymous hacking group, but the existence of the file became widely known after Anonymous linked to it in a Twitter message.
“Not being so serious, but well,” the message read before linking to the PasteBin page. “Apple could be target, too. But don’t worry, we are busy elsewhere,” the message said.
The data appears to be a set of user names and encrypted passwords from an SQL database for an online survey at the Apple Business Intelligence website. The site is currently offline.
Apple did not immediately respond to a request for comment.
In an apparently unrelated posting, a Lebanese grey-hat hacker called idahc_hacker said he had found vulnerabilities on another Apple website. The SQL injection and iFrame code attacks can be used by hackers to gain unauthorized access to data.
Grey hat hackers do not normally hack for malicious purposes and the Lebanese hacker did not post and data obtained from the site.
In pointing out the hacks, he said he was not part of Anonymous or LulzSec, an allied group that disbanded recently.
Japanese video game maker Sega Corp said on Sunday that information belonging to 1.3 million customers has been stolen from its database, the latest in a string of global cyber attacks against video game corporations.
Names, birth dates, e-mail addresses and encrypted passwords of users of Sega Pass online network members had been hacked into, Sega said in a statement, though payment data such as credit card numbers was safe. Sega Pass had been shut down.
“We are deeply sorry for causing trouble to our customers. We want to work on strengthening security,” said Yoko Nagasawa, a Sega spokeswoman, adding it is unclear when the firm would restart Sega Pass.
The attack against Sega, a division of Sega Sammy Holdings that makes game software such as Sonic the Hedgehog as well as slot machines, follows other recent significant breaches including Citigroup, which said over 360,000 accounts were hit in May, and the International Monetary Fund.
The drama surrounding the recent round of video game breaches paled compared to what PlayStation maker Sony Corp experienced following two high-profile attacks that surfaced in April.
Those breaches led to the theft of account data for more than 100 million customers, making it the largest ever hacking of data outside the financial services industry.
Sega Europe, a division of Sega that runs the Sega Pass network, immediately notified Sega and the network customers after it found out about the breach on Thursday, Nagasawa said.
Lulz Security, a band of hackers that has initiated cyber attacks against other video game firms including Nintendo, has unexpectedly offered to track down and punish the hackers who broke into Sega’s database.