ESEA hacked, leaking 1.5 million gamers' records
Up to 90 fields of data have been stolen, according to LeakedSource
The personal details of more than 1.5 million E-Sports Entertainment Association (ESEA) members have been stolen following a hack in December.
Information such as registration date, city, state (or province), last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID may have been obtained by the hackers according to breach notification service LeakedSource.
The organisation told its users about the hack shortly after it happened and then reminded them on 30 December before releasing a statement the day after LeakedSource announced the data had been stolen.
"Recently news has been made that ESEA's user data has been leaked online," ESEA said. "We expected something like this could happen but have not confirmed this is ESEA's data. We notified the community on December 30th, 2016 about the possibility this could happen. The type of data and storage standards was disclosed."
The security breach was part of a ransomware attack, according to LeakedSource. The hacker reportedly asked for $50,000 in payment and in exchange, they would help ESEA patch the vulnerability it used to break into the association's systems.
ESEA has not revealed whether it gave in and paid the hackers or just reset user passwords, multi-factor authentication tokens and security questions to protect their users' identities.
"We have been working around the clock to further fortify security and will bring our website online shortly when that next round is complete," the organisation said, adding, "this possible user data leak is not connected to the current service outage."
-
Apple’s Siri overhaul is a ‘watershed moment’ in its long-awaited AI pushNews The revamped Siri AI could put to rest questions over its lackluster approach to AI, providing it nails the roll-out
-
AMD chief exec Lisa Su touts UK’s AI potential as firm eyes £2bn investmentNews The deal will see a new AI supercomputer built in Cambridge and partnerships with Imperial College London and Oriole Networks
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
