The ESports Entertainment Association (ESEA), a major Esports network with millions of active users, has been the victim of a huge hack that has seen a database including 1.5 million user accounts being compromised.
The ESEA is one of the largest online communities for Counter-Strike: Global Offensive, boasting around 5 million views per month. The site was hacked on December 30, 2016, with ESEA issuing another update last weekend in which they revealed that they had reason to believe that user data had been obtained by those behind it. The statement reads:
“Recently news has been made that ESEA’s user data has been leaked online. We expected something like this could happen but have not confirmed this is ESEA’s data. We notified the community on December 30th, 2016 about the possibility this could happen. The type of data and storage standards was disclosed. We have been working around the clock to further fortify security and will bring our website online shortly when that next round is complete. This possible user data leak is not connected to the current service outage.”
This has now been all but confirmed by Leaked Source, a service devoted to notifying users of online security breaches, with the site having claimed that 1,503,707 ESEA records had been lifted by the perpetrators of the hack. According to reports the hacker attempted to extort the ESEA, after requesting that the site handed over $50,000 in exchange for the data. The ESEA refused to do so, instead rolling out two-step authentication and automatically changing the passwords of its users.
Many ESEA users on the CS:GO subreddit have confirmed that their accounts have been compromised, with the hacker able to obtain their registration date, city, state (or province), last login, username, first and last name, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID. Others have vented their frustrations that the ESEA had shown a “complete disregard for [our] password security,” pointing to a year-old thread in which many complained of its outdated registration system, which saw passwords emailed to people in plaintext and inadequate verification systems.
To its credit, ESEA has been up front with users regarding this hack, and hopefully its newly employed security measures will help prevent such a situation happening in the future. For now users should hurriedly change their login data, and be thankful that their passwords were not included in this major data breach.