At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported.
The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services along with MailChimp and Steam keys that allowed access to those services. in SEGA’s name.
“Researchers found compromised SNS notification queues and were able to run scripts and upload files on domains owned by SEGA Europe. Several popular SEGA websites and CDNs were affected.” reads the report published by VPN Overview.
The security firm states that there are no indications malicious third parties accessed the sensitive data or exploited any of the mentioned vulnerabilities prior to them.
