It has just been confirmed that the core database of Esports Entertainment Association (ESEA) was hacked sometime last month. Having failed to extort the management by using the breach as leverage, the perpetrator has now released the account details of around 1.5 million players to the public.
As one of the largest competitive video gaming communities around, ESEA houses information on millions of players across the globe. These private records include registration date, city, state (or province), last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID.
However, the passwords for the accounts were not part of the breach. While that part of the data is still safe, the leaked information can possibly be used by others to construct a number of attacks on social media, including attempts at phishing.
According to an explanation on Twitter, ESEA knew beforehand that the information dump was inevitable but it was waiting to ascertain if the leak came from its own systems. “We have been working around the clock to further fortify security,” promised the esports organization.
Over the weekend, breach notification service Leaked Source announced the addition of 1,503,707 ESEA records to its database. Since then, multiple players have confirmed their information by searching themselves on the website.
It has also come to light that the hacker was demanding $50,000 from ESEA as ransom payment. In exchange, the hacker would keep silent about the database breach and help the management to plug the security hole in its systems. However, ESEA decided to not pay the hacker which resulted in today’s data leak.
It’s not important whether your ESEA details were part of the leaked content or not. If you were associated with the organization at any time in the past, it’s highly advised to immediately change the passwords of your main accounts.