The most remarkable thing about Sega’s Sega Pass system getting hacked last Thursday isn’t LulzSec’s subsequent show of support–well that’s not the only remarkable thing anyway–but it’s the video game developer’s ability to act quickly and defensively on behalf of its users. In fact, for a video game provider that is currently dwarfed by Sony, Sega’s spin-dash to damage control makes us wonder how Sony dropped the bomb when it was being hacked over and over and over again.
Sega–taking detailed notes on the crisis that’s left Sony’s brand battered–noticed the security breach last Thursday and promptly suspended all accounts indefinitely on Friday.
That same day, the company issued the following statement via its website and newsletters:
As you may be aware, the SEGA Pass system has been offline since Thursday 16 June.
This is because we had identified that unauthorised entry was gained to our SEGA Pass database.
We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.
Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.
If you use the same login information for other websites and/ or services as you do for SEGA Pass, you should change that information immediately.
We have also reset your password and all access to SEGA Pass has been suspended.
Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.
Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.
We sincerely apologise for this incident and regret any inconvenience caused.
We are contacting all our members with these recommendations.
By comparison, when Sony was hacked, up to a week had elapsed before customers were notified.
Sega not only outsourced their security, but they didn’t make a dunderheaded move like storing such critical information in plain text files. For Sony, their security approach didn’t appear nearly as airtight. And whereas Sega served up transparency, Sony offered two different anecdotes for why customers were left in the dark about their compromised accounts: This and this–with an overlying culprit being an industry precedent in not reporting attacks to customers potentially affected.
While it is specious, in some regard, to compare both developers’ response to getting hacked, it’s still worth noting that Sega minimized its PR fall-out in a way that Sony–had it not waffled for a week–could’ve as well.
The biggest disparity between how Sega and Sony dealt with the hacking of their respective web properties ultimately lies in something that’s universal across all industries: Customer outreach. Sega made it one of their first priorities, even acknowledging that users are likely to use the same login information across the web, reseting their Sega Pass credentials, and freezing their accounts for the sake of continued security. Sony’s tight-lipped response, on the other hand, didn’t inspire much confidence.
Ultimately, both attacks were a peculiar shakedown that leveled the playing field: Sega’s ability to spindash defensively when Sony twiddled its thumbs may recast both entities in the gaming vertical–in a big way.
Apart from a much more iron-clad handling of login information, Sega simply reached out to customers. Sony’s inability to do either and then later cite industry precedent may go a long way in alienating a key segment of its customers. And once alienated, this might be a segment that later defects to another provider–perhaps Sega–that they can trust to safeguard their information.
NOW WATCH: Tech Insider videos
Business Insider Emails & Alerts
Site highlights each day to your inbox.