[BreachExchange] ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt

Inga Goddijn inga at riskbasedsecurity.com
Mon Jan 9 10:00:46 EST 2017


http://www.csoonline.com/article/3155397/security/esea-hacked-1-5-million-records-leaked-after-alleged-failed-extortion-attempt.html

E-Sports Entertainment Association (ESEA), one of the largest competitive
video gaming communities on the planet, was hacked last December. As a
result, a database containing 1.5 million player profiles was compromised.

On Sunday, ESEA posted a message to Twitter
<http://www.twitlonger.com/show/n_1spgt4i>, reminding players of the
warning issued on December 30, 2016, three days after they were informed of
the hack. Sunday’s message said the leak of player information was
expected, but they’ve not confirmed if the leaked records came from their
systems.

Late Saturday evening, breach notification service LeakedSource
<https://www.leakedsource.com/main/> announced the addition of 1,503,707
ESEA records to their database. When asked for additional information by
Salted Hash, a LeakedSource spokesperson shared the database schema, as
well as sample records pulled at random from the database.

The leaked records include registration date, city, state (or province),
last login, username, first and last name, bcrypt hash, email address, date
of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN
ID.

However, in all, there are more than 90 fields associated with a given
player record in the ESEA database. While the passwords are safe, the other
data points in the leaked records could be used to construct a number of
socially-based attacks, including phishing.

Players on Reddit have confirmed their information was discovered
<https://www.reddit.com/r/GlobalOffensive/comments/5mowdh/esea_hacked_info_leaked_confirmed_hltv_also/>
in the leaked data. A similar confirmation was made
<https://twitter.com/jimmywhis/status/817946494258905088> by Twitch’s Jimmy
Whisenhunt on Twitter.

The LeakedSource spokesperson said that the ESEA hack was part of a ransom
scheme, as the hacker responsible demanded $50,000 in payment. In exchange
for meeting their demands, the hacker would keep silent about the ESEA hack
and help the organization address the security flaw that made it possible.

In their previous notification, ESEA said they learned about the incident
on December 27, but made no mention of any related extortion attempts
<https://play.esea.net/?s=content&d=securityupdate>. The organization reset
passwords, multi-factor authentication tokens, and security questions as
part of their recovery efforts.

Salted Hash has reached out to press contacts at ESEA, as well as those for
Turtle Entertainment, the parent company listed on the ESEA website. We’ve
reached out to confirm the extortion attempt claims made by the hacker, as
well as the total count for players affected by the data breach.

This story will be updated as new information emerges.