The E-Sports Entertainment Association (ESEA), one of the largest Counter-Strike: Global Offensive (CS: GO) organizations with one of the biggest communities in the world. ESEA is responsible for a plethora of online and LAN tournaments, with the most recent example being the ESEA Season 23 Mountain Dew Challenge Global LAN Finals, which local CS: GO team Bravado Gaming took part in, was hacked in late December.
About the ESEA hack
On 30 December 2016, ESEA announced that their website has been hacked and issued a FAQ security update. On Sunday, ESEA explained on TwitLonger that: “Recently news has been made that ESEA’s user data has been leaked online. We expected something like this could happen but have not confirmed this is ESEA’s data. We notified the community on December 30th, 2016 about the possibility this could happen. The type of data and storage standards was disclosed. We have been working around the clock to further fortify security and will bring our website online shortly when that next round is complete. This possible user data leak is not connected to the current service outage.” - Source
Since the Tweet via Twitlonger above, it has been reported by multiple news outlets, for example PC Gamer and CSGO Online that breach notification service LeakedSource has added 1,503,707 ESEA records to their database. The hacker didn’t instantly leak the user records, but reportedly first issued a ransom demand of $100,000 to not release of sell the user data, according to a detailed post by ESEA.
ESEA didn’t give in to the ransom demands, explaining that: “We do not give in to ransom demands and paying any amount of money would not have provided any guarantees to our users as to what would happen with their stolen data. The most responsible course of action was to share the incident with the authorities and our community so each individual could take steps to secure their accounts.”
ESEA further talks about the leaked information: “We are still investigating but believe that a large portion of the ESEA community members’ information including usernames, emails, private messages, IPs, mobile phone numbers (for SMS messages), forum posts, hashed passwords, and hashed secret question answers could all have been exposed. We apologize for the incident that has taken place, as it is our responsibility to do everything possible to secure the data of our users. We will continue to work with both our developers and independent security experts to improve our security and invest in strengthening ESEA’s infrastructure going forward." - Source
The hack undoubtedly a massive blow and users are afraid that their information might be used in phishing attempts, while others just obviously don’t like their private information being leaked. ESEA users have confirmed on Reddit that their information has been discovered in the leaked database, and Twitch.tv’s Jimmy Whisenhunt also confirmed something similar on Twitter.
How to safeguard your information
If you think your information might have been leaked and want to safeguard yourself, ESEA provides the following instructions:
“Change your passwords and security questions/answers for any other accounts on which you used the same or similar information used for your ESEA account, and review any such accounts for any suspicious activity. Additionally, be cautious of any unsolicited communications that ask you for personal information or refer you to a website asking for personal information.” - Source
ESEA has also confirmed in their FAQ about the hack that they have identified the source of the vulnerability used in the hack and have subsequently patched it. According to ESEA, after users have followed the instructions above, they “should feel confident in the ongoing security of their data on ESEA’s systems.” Further, ESEA has apologized for the incident and states that they will “continue to work with both our developers and independent security experts to improve our security and invest in strengthening ESEA’s infrastructure going forward.”
ESEA has also reached out to the FBI and states that they will support the FBI’s investigation in any way they can. Hopefully, the person or persons responsible for the hack and subsequent leak will be caught.
Do you have an ESEA account and what do you think about the hacking incident? Let us know in the comment section below.
Sources: ESEA FAQ, ESEA, Twitter, PC Gamer, CSGO Online
Sillicur Twitter / MWEB GameZone Twitter | Facebook | YouTube