Over 1.5 million gamer profiles were potentially compromised when the E-Sports Entertainment Association (ESEA) — one of the largest competitive gaming communities in the world - was hacked in December.
“Recently news has been made that ESEA’s user data has been leaked online. We expected something like this could happen but have not confirmed this is ESEA’s data,” the ESEA tweeted.
“We notified the community on December 30th, 2016 about the possibility this could happen. The type of data and storage standards was disclosed. We have been working around the clock to further fortify security and will bring our website online shortly when that next round is complete. This possible user data leak is not connected to the current service outage.”
A day prior to this LeakedSource, a breach notification service stated that 1,503,707 ESEA records were added to its database. Over 90 fields are related to player records. These include registration date, city, state (or province), last login, username, first and last name, email address, date of birth, zip code, phone number, Steam ID, Xbox ID, and PSN ID among others.
While passwords are safe, it doesn’t mean ESEA’s users are in the clear. The accessible data could be used in social engineering attempts for unscrupulous sorts to gain access to user accounts. According to LeakedSource, the ESEA hack was orchestrated as a ransom scheme with the hacker demanding $50,000 in exchange for silence and assisting the ESEA in addressing in rectifying the flaw that allowed it to do so.