ESEA Hacked for Ransom, 1.5 Million Users' Data Leaked

E-Sports Entertainment Association (ESEA), one of the largest competitive video gaming communities on the planet, was hacked last December. As a result, a database containing 1.5 million player profiles was compromised.

News of the data breach came on Sunday, when ESEA's official Twitter account tweeted about the breach and warned users that their data might be leaked online.

Last Saturday, breach notification service LeakedSource announced that about 1.5 million records of ESEA users had been added to its database. The leaked records include registration date, city, state (or province), last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID.

There are about 90 fields associated with a given player record in the ESEA database. While the passwords are safe, the other data points in the leaked records could be used to construct a number of socially-based attacks, including phishing.

The motive behind the hack was extortion (ransom): according to LeakedSource, the hackers demanded $50,000 USD in exchange for not publishing the users' data online and to address a security flaw in ESEA's system.

But ESEA refused to pay the ransom demanded by the hackers and went public with details before the hackers could publish anything.

A spokesperson for ESL Gaming (parent company to Turtle Entertainment) said:

"We take the security and integrity of customer details very seriously and we are doing everything in our power to investigate this incident, establish precisely what has been taken, and make changes to our systems to mitigate any further breaches. The authorities (FBI) were also informed and we will do everything possible to facilitate the investigation of this attack."

The statement also confirmed the affected user count of 1.5 million and stressed that ESEA passwords were hashed with bcrypt. As for the profile fields, where more than 90 data points are listed, ESL Gaming says those are optional data points for profile settings. Not everyone took advantage of them, however.

As part of its recovery efforts, the organization has reset users' account passwords, multi-factor authentication tokens and security questions.