Change your passwords, if you can

#1 Edited by Brenderous (1100 posts) -

EDIT: Before you click the link below, you should know that there is some discussion over whether this is a legit email from sega or not. I get all my PSO-related emails from Sega from the isao.net domain, including the ones for creating a SEGA ID and all that. This particular email was from sega_id@isao.net.

We cool? Ok.

ANOTHER EDIT: It's totally legit.

The following is a google translation of an email I received from Sega last night:

This e-mail, contact us and to become important to protect your precious information,
We send to everyone that is registered with the SEGA ID.

Current evidence, who is attempting to unauthorized login to SEGA ID of others has been confirmed, there is a possibility that "hacking account type list" by a malicious third party has been attempted.

If you use multiple services in the same password for ID ·,
Risk of becoming a victim of "hacking account type list" will be very high.

Hacking in order to prevent damage, the password for the SEGA ID, we highly recommend that you change the passwords on a regular basis and to set a unique password has not been used for other services.

If you do not have to change a long period of time, please reset the password from "password reset page" or as soon as possible, have in common with other services for a password.

Resetting the password page ▼
https://cha.isao.net/profile_oem/OEMPassResetStart.php?product_name=sega

In addition, The company is also currently a study on this unauthorized access, such as registration information does not spill has been confirmed so far.

※ "hacking account type list" refers to the act to login to exploit a list of ID · password was obtained illegally from an unspecified company and services. Been done and put away the bad login,
In service in that our, in-game items, such as theft,
There could be exploited important data.

For information on how to administer the concrete SEGA ID / password, so Please let me guide below, Please confirm the same time.

○ · passwords for password management for safety, please change to something difficult to guess on a regular basis.

○, such as a combination of alphanumeric characters - to set a password difficult to guess, as long as possible, please set the complex.
And character-name SEGA ID, date of birth and telephone number, etc., are easy to guess, please do not use any other.
· Please do not set a password that you've previously set.

○ the same ID and password you are using a service other than · SEGA ID and to set things differently from other services, such as e-mail address is not used.

○ even if it was a close one, please do not tell SEGA ID and password, never again, do not teach to a third party, third party SEGA ID, a password.
-To borrow the SEGA ID and third parties, including those close friends, and family,
Please do not "share account" so-called.
• In the corresponding support, to ask you about your password for SEGA ID is not available at all our stakeholders.

○ When using the SEGA ID in public places Please be careful not to share with others SEGA ID, to enter the password when you log in to the game.
• After the use of the Service is recommended that you make a password change.

○ on was kept always up to date anti-virus software on your PC-to enforce security measures of PC,
Please carry out sufficient checks from daily life.
Will update the software, and various OS, please apply the latest security measures.

○ disguised as an e-mail or from a site you do not click suspicious site is not viewed, the link-suspicious participants, please note the "phishing" to defraud and password ID, such as credit card numbers. The "outside" our stakeholders
Directed to the site asking, SEGA ID and password, are not needed.
· Modus operandi to be induced to enter the site ID and password have been known to fake.
Please check these not to enter lightly.
Rogue program is installed from the page by using tools such as ActiveX,
ID and password may be stolen.

○ malicious programs are not installed in the incorrect program-do not run because some contains a virus, steal your password and ID of the person who used to run is, of course, please ensure that you do not install it.

I will continue to strive to enjoy the service with peace of mind to everyone,
We apologize for any sorry to trouble you, thank you much for your cooperation.

I tried to login to change my password, but I couldn't get in. Pretty sure my account in gonzo.

#2 Posted by OldGuy (1552 posts) -

cha.isao.net? Yes. That seems legit.

#3 Edited by Xymox (2083 posts) -

Hmm. I got a "Differs from the ID information has been registered." when I tried to change mine, found the same mail in my inbox.

Also, it does seem legit, because: http://whois.domaintools.com/isao.net

And sega_id@isao.net is the same email that's been sending stuff since I signed up. So unless it's the most elaborate scam in history...

#4 Edited by Brenderous (1100 posts) -

Yeah, that does look pretty fishy. I've seen it around on some sites though...

Maybe I'll take this post down for now in case its bad news bears.

EDIT:

Actually, it's from the same email I get all my PSO stuff from, so I think it's legit.

#5 Edited by Ravenlight (8040 posts) -

I got the same email, and the link you edited out (for good reason) brings me to a Sega-branded landing page, but I'm still not 100% positive the whole thing is legit.

The problem lies in that web design in Japan is stuck in the 1990s and I'm not sure if the page was hastily cobbled together to steal my info, or just a victim of how Japan likes their internet to look.

#6 Posted by Brenderous (1100 posts) -

@Xymox said:

Hmm. I got a "Differs from the ID information has been registered." when I tried to change mine, found the same mail in my inbox.

Ah, a friend reminded me that you have to type your username in all lowercase.

#7 Posted by shadowthrone (57 posts) -
#8 Posted by Xymox (2083 posts) -

@Brenderous said:

@Xymox said:

Hmm. I got a "Differs from the ID information has been registered." when I tried to change mine, found the same mail in my inbox.

Ah, a friend reminded me that you have to type your username in all lowercase.

That solved it, cheers.

#9 Posted by Ravenlight (8040 posts) -

@Xymox said:

@Brenderous said:

@Xymox said:

Hmm. I got a "Differs from the ID information has been registered." when I tried to change mine, found the same mail in my inbox.

Ah, a friend reminded me that you have to type your username in all lowercase.

That solved it, cheers.

I was having the same problem. Thanks for posting about the lowercase!

#10 Posted by Jeff (3486 posts) -

It's a legit email, but it's only reporting that they're seeing an increase in wordlist attacks on their login form. There's no breach on the Sega side, people are just trying email/pass combos they found in other, previous hacks. So if you use the same password for everything, you may want to change your password.

Staff
#11 Posted by Fattony12000 (7310 posts) -

@Jeff: Phew! Thanks Jeff-Dawg!

This edit will also create new pages on Giant Bomb for:

Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.

Comment and Save

Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.