E-Sports Entertainment Association, popularly known as ESEA is a well-known video gaming community. In fact, it is one of the largest of all video gaming communities across the globe. It is, therefore, not surprising that malicious cyber-criminals would look for a way to attack this particular platform. According to reports, ESEA website was hacked on 27th December 2016 and hackers managed to compromise profiles of around 1.5 million players.
The hacked records include username, first name, last name, last login date/time, registration date, city/state/province, e-mail ID, date of birth, zip code, bcrypt hash, phone number and URL address of the website. Additionally, the Steam, Xbox and PSN IDs of the players have also been part of the hacked database. The sensitivity of this database is quite evident.
It is worth noting that the ESEA registration form contains 90 fields, which actually is the entire player record of the customer. None of the information is protected except for the passwords. This means hackers can use the leaked data to carry out social engineering bases attacks such as phishing attacks.
On December 30th, the association informed its players, approx. three days after the attack actually happened, about the hack attack and subsequent data breach. The warning was posted on Twitter. However, the association didn’t announce the number of players’ profiles compromised or the nature of the attack.
This information was made public on Saturday by none other than LeakedSource, the famous breach notification service. LeakedSource stated that there has been an addition of over 1.5 million (1,503,707 to be precise) ESEA records on their database.