Information from over 1.5 million ESEA accounts was reportedly leaked online after a hacker tried to launch a ransom attack.
ESEA is the E-Sports Entertainment Association League. This is an esports community. It functions in the competitive video gaming area. E-Sports Entertainment Association is the founder of the community.
ESEA was made famous by a number of facts. Its anti-cheat software is one such reason. The gaming community has a special system. This allows all users to play matches with one another. Their skill levels are not taken into account.
Earlier this week, ESEA released a statement. In the official blog post, it revealed that it had been hacked. More exactly, it was the target of a ransomware attack. A hacker managed to breach and steal website user data. Following this action, a ransom was requested.
The hacker demanded $100,000. If the sum was not paid, hacked user information would be leaked online. According to its official statement, the gaming community did not pay.
ESEA provided further attack details. The issue is said to have started late last year. A hacker contacted the website and claimed to have gained access to user data. The message was sent through the bug bounty program. This ESEA program offers a reward to users who report bugs.
The compensation is either money or points. This messenger requested the aforementioned sum. ESEA turned to patching the exposed vulnerability, which had been exploited to acquire the data.
During patching, the website said it had kept in touch with the hacker. In late December, community members received a notification. This advised them to change user passwords. It was sent on December 30, 2016. An initial contact with the hacker reportedly took place three days earlier.
The hacker breached the website once again. This second hack took place on January 07, 2017. According to the statement, it modified player karma levels to -1337. This system allows the community to leave feedback.
Reports state that the second attack did not involve additional user data. ESEA intellectual property hosted on the same server may have, nonetheless, been affected.
ESEA released a list of potentially leaked account information. This includes the following:
- Usernames and passwords.
- E-mail addresses could have also been targeted, as could forum posts.
- Security question answers were also accessed.
- Phone numbers and IP addresses could have also been leaked.
- As could private messages.
The latter can be a cause for greater concern. Such data can be used to identify the users, as it offers personal and private information.
According to reports, the hacked data was, in fact, leaked. Such information made its way to LeakedSource. This is a searchable database. Massive in size, it hosts hacked account data.
ESEA did point out the following fact. All the passwords and security question answers are quite well protected. More exactly, they are hashed and encrypted.
“Hashed” data is converted into unreadable character strings. These are specifically designed to be one-way, so they cannot be converted back and read as plain text. LeakedSource also confirmed this fact. It also pointed out the website’s six rounds of bcrypt.
As such, user passwords and security answers are still safe. However, other data could still be a cause for concern. Quite an amount of information was accessed.
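The following is an added example, not code from ESEA, LeakedSource or the original article. It shows how the work factor can be read out of a stored bcrypt string and checked against a site's minimum, assuming "six rounds" refers to a bcrypt cost parameter of 6. The sample hashes, `MIN_COST` and the function names are constructed for illustration.

```python
import re

# bcrypt modular-crypt format: $<version>$<cost>$<22-char salt><31-char digest>
# Salt and digest use bcrypt's own base64 alphabet: ./A-Za-z0-9
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


def parse_bcrypt(stored):
    """Split a stored bcrypt string into its fields; ValueError if malformed."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # the range bcrypt accepts
        raise ValueError("cost out of range")
    return {
        "version": m.group(1),
        "cost": cost,
        "salt": m.group(3),
        "digest": m.group(4),
        # The cost is a base-2 logarithm: each guess runs 2**cost key expansions.
        "iterations": 2 ** cost,
    }


def needs_rehash(stored, min_cost):
    """True when the hash was made below the site's current minimum cost.
    It can only be upgraded at the user's next successful login, because
    re-hashing requires the plaintext password."""
    return parse_bcrypt(stored)["cost"] < min_cost


def relative_work(cost_a, cost_b):
    """How many times more work one guess takes at cost_b than at cost_a."""
    return 2 ** (cost_b - cost_a)


# Constructed samples: format-shaped filler, not real password hashes.
SAMPLE_COST_6 = "$2a$06$" + "A" * 22 + "B" * 31
SAMPLE_COST_12 = "$2b$12$" + "C" * 22 + "D" * 31
MIN_COST = 12  # hypothetical site policy, chosen for illustration

if __name__ == "__main__":
    for h in (SAMPLE_COST_6, SAMPLE_COST_12):
        info = parse_bcrypt(h)
        print(info["cost"], info["iterations"], needs_rehash(h, MIN_COST))
```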
ESEA users are encouraged to undertake some security measures. They are advised to change account passwords. As such, they can ensure that their account will not be compromised. Users might suspect that they may be a potential victim. If so, they can check for their ESEA account data on LeakedSource.
A detailed timeline of the ransomware is offered in the ESEA statement. The website also went on to apologize to its users for the theft. It will also reportedly be working to prevent such attacks in the future.