ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt

the_syco

Don't use it myself, but posting here for the CS:GO people who use USEA.

https://play.esea.net/index.php?s=news&d=comments&id=14936

Q: Was ESEA the subject of an extortion attempt?
A: Yes. The threat actor who stole the data demanded money not to sell or publish the customer information.


Q: Where has the stolen user data been published?
A: To our knowledge, just on LeakedSource at this time.


Q: Why didn’t ESEA pay the ransom demand of $100k?
A: We do not give in to ransom demands and paying any amount of money would not have provided any guarantees to our users as to what would happen with their stolen data. The most responsible course of action was to share the incident with the authorities and our community so each individual could take steps to secure their accounts. At the same time, we have worked around the clock to isolate the attack vector, patch the vulnerability and further upgrade our security program.


Q: Was the system downtime over the weekend due to further hacker intrusion?
A: Only as much as it was due to security upgrades and patching.


Q: As reported, was more than 90 lines of user information stolen?
A: We disclosed the personally identifiable information in our announcement to the community on December 30, which included “usernames, emails, private messages, IPs, mobile phone numbers (for SMS messages), forum posts, hashed passwords, and hashed secret question answers. All ESEA user account passwords are using bcrypt, an industry best practice for securing passwords. ESEA does not store any sensitive payment information (credit card, bank account, etc.), so any payments made on the ESEA website, or through third parties, have not been compromised.”

There are additional optional fields of data for user profiles which make up a larger percent of the data stolen, which ESEA users can enter to further complete their publicly viewable profile page. Such data points include favorite drink, favorite food, favorite esports player, their computer hardware specifications, Xbox gamer tag, and PlayStation Network ID to allow other users to interact with them through those platforms, etc. All users add those data fields knowing that it is publicly viewable on their profile page, and may include different amounts of completion for these optional profile fields.

Burgo

It's amazing they have lasted this long, one controversy after another. Hopefully this will give another comapny a better crack at the american market.

Shiminay

What is ESEA for and who uses it? Never heard of it till now.

Burgo

Shiminay wrote: »

What is ESEA for and who uses it? Never heard of it till now.

Its a paid service for playing games competitively, primarily for counter strike.
It allows you to use high quality servers and has their own anti cheat client you must run in order to play.Which is supposedly better at stopping/catching cheaters than valve anti cheat(VAC). Generally the skill is higher than that of valve matchmaking. It's a massive part of the american cs scene, less so here in Europe where there are other services such as ESL, Faceit etc.

The previous owners have always been on the unpleasant side, banning people from the site/service for raising complaints, or just disagreeing with them on their forums. A few years ago their anti cheat client had a bitcoin miner embedded in it without the knowledge or consent of the user. They were brought to court and paid out something to the tune of a million over it.