The news of the data breached came on Sunday when ESEA official twitter account tweet about the breach and warning its users for the data may get leaked online.
Last Saturday, breached notification service LeakedSource announced that about 1.5 million records of ESEA users have been added to their database. The leaked records include registration date, city, state (or province), last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID.
There are about 90 fields associated with a given player record in the ESEA database. While the passwords are safe, the other data points in the leaked records could be used to construct a number of socially-based attacks, including Phishing.
But ESEA refused to give the ransom demanded by hackers and went public with details before the hacker could publish anything.
A spokesperson for ESL Gaming (parent company to Turtle Entertainment) said -
"We take the security and integrity of customer details very seriously and we are doing everything in our power to investigate this incident, establish precisely what has been taken, and make changes to our systems to mitigate any further breaches. The authorities (FBI) were also informed and we will do everything possible to facilitate the investigation of this attack,"The statement also confirms the affected user count of 1.5 million, and stressed the point that ESEA passwords were hashed with bcrypt. When it comes to the profile fields, where more than 90 data points are listed, ESL Gaming says those are optional data points for profile settings. Not everyone took advantage of them however.
For recovery efforts organization have reset the users account password, multi-factor authentication tokens and security questions.