After a hack in December, over a million and a half user profiles from the ESEA, a major online eSports community which jointly runs a CS:GO league, have leaked online. It appears the ESEA declined to pay a ransom request.
Dip a toe in the world of competitive gaming with one of the best multiplayer games on PC.
On December 30 last year, the eSports Entertainment Association (ESEA) warned that a hack of their user data was possible. On Saturday, breach tracking site LeakedSource claimed to have obtained a total of 1,503,707 ESEA user records, allegedly after the ESEA failed to pay a $50,000 ransom demand. Yesterday the ESEA updated their warning, saying “news has been made that ESEA’s user data has been leaked online. We expected something like this could happen but have not confirmed this is ESEA’s data.”
This has since been confirmed on Reddit and by larger users, such as streamer Jimmy Whisenhunt, collaborating with ESEA. Anew FAQ states that ESEA “were made aware of a security breach” on December 27, in which “theft of certain user account information appears to have taken place.” If you’re suspicious about the delay before the announcement, there could be any number of good reasons why the ESEA would sit on the information, such as reviewing security, checking what was stolen, reporting it to the authorities, who might advise a delay, et cetera.
The FAQ advises users to change their passwords and security questions for the ESEA and all sites that use similar information, and “review any such accounts for any suspicious activity.”
The ESEA claim that “since learning about the intrusion, we have identified and secured the cause of the breach” and repeatedly state they are working with legal and security experts to ensure it doesn’t happen again. They also say “we have reached out to the FBI” for help tracking down the hacker “and will support their investigation in any way we can.”
The leaked records include registration date, city, state or province, most recent login, username, forename and surname, the password’s bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID and PSN ID, but there are more than 90 fields in total associated with a given player record. Passwords are safe (thanks to hashing), but the other data could be used for various nefarious ends.
The ESEA is one of the world’s largest communities for eSports and competitive gaming, and they jointly run a pro CS:GO gaming league with the European ESL. Prize money was $1,000,000 in 2015.