ESEA e-sports league hack yields 1.5m user profiles

When you hear about hacked user databases, they usually involve adult sites, social networks, political groups, or e-mail service providers. Once in a while, you'll also hear about hacks of digital game stores. Rare, however, are hacks of independent gaming communities. But when you're one of the world's largest e-sports communities, not to mention a maker of anti-cheating software, you definitely have a larger than usual target on your back. That was apparently the case with the E-Sports Entertainment Association, or ESEA, whose database was broken into late last year, with the hacker getting away with potentially sensitive information from over 1.5 million ESEA accounts.

The ESEA was reportedly informed on December 27th that it had been hacked. Three days later, it told players that it had indeed been informed but didn't exactly divulge details, only that certain pieces of information might be leaked eventually. The warning came with the usual admonishment to change passwords, etc.

"Eventually" happened last Sunday, when LeakedSource, a breach notification service, announced the addition of 1,503,707 records, all of them relating to ESEA players. The League, however, insisted that the user leak isn't connected to them at all. The details stored in those accounts seem to prove otherwise.

From a slice of the database provided by LeakedSource, one is able to glean more than 90 fields of information tied to a single player. That includes names, birth dates, e-mail addresses, phone numbers, Steam IDs, Xbox IDs, PSN IDs, and more. While the users' passwords themselves seem to be safe, the other pieces of data could be used either to guess users' credentials or in phishing schemes.

LeakedSource says that the hack was an extortion scheme, with the hacker demanding $50,000 in ransom. Said hacker even volunteered to help ESEA fortify its security afterwards and keep quiet about the incident. Given how the matter has gone public, one can only presume the ESEA didn't fall for it. It has, however, remained silent since then.

VIA: CSO from IDG