The hack into the SegaPass online newsletter and gaming service that the company announced yesterday bears the hallmarks of a Lulz Security attack. Confidential login information for some 1.3 million users was leaked, just like what LulzSec did with information from Pron.com, Sony, and an unnamed site tentatively identified as Writerspace. But unlike those leaks, which LulzSec bragged about on its Twitter stream and posted on its Web site, the mischievious hacking group has denied this one vehemently. In a tweet on Friday, the group offered to help Sega: "We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down."
The denial and the offer for help (assuming they're legitimate) seem to be part of a LulzSec's newly activist direction. The site is positioning itself as a force for good, or at least openness, in the world of internet security. The group issued a manifesto last Friday that asserted its intent to illuminate security flaws by taking advantage of them and leaking the data. "What makes you think a hacker isn't silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off?" The group wrote. "This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly."
Overnight, the group issued a call to action to its followers to likewise demonstrate security weaknesses, especially in government sites. "We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships," the group wrote of its Operation Anti-Security, calling on hackers to post the phrase "AntiSec" on sites they compromised. "Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you're aware of the corruption, expose it now, in the name of Anti-Security." This morning Twitter pictures started coming in showing the call had been answered, at least offline.
As for SegaPass, the site is still down, and so far, no culprit has been found.