These past few weeks have been one long public service announcement about not using the same username and password combo for sites.
SEGA Pass is the latest victim, sending out emails today which state that the system has been offline since yesterday (16 June) due to “unauthorised entry”. According to SEGA’s own investigation into the problem, “a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained”. The passwords weren’t just stored in plain text, which makes a nice change.
No payment details are stored by SEGA in this database, so there’s no need to worry about that. However, as per the usual drill, if you used the same user/pass combo on sites besides SEGA Pass, you’d be wise to change them.
SEGA Pass passwords have currently been reset and access is temporarily suspended. Further emails will be sent out when the system is available again.
Source: My inbox (no, you can’t have a link to that).