Gaming Network ESEA Breached, 1.5M Profiles Leaked

Information from a recent breach of a competitive video gaming community surfaced online over the weekend.
Data purportedly belonging to 1.5 million members of video gaming community ESEA, the E-Sports Entertainment Association League, was added to LeakedSource’s list of “Hacked Sites” on Saturday. According to the site, a repository of breached data, it has information on 1,503,707 users of the ESEA site.
Esea (dot) net was hacked recently, all user data has been leaked online today.

— News About Security (@BigSecurityNews) January 8, 2017
ESEA said on Twitter Sunday that while it hadn’t confirmed that the data leaked online belonged to its users, it “expected something like this could happen.”
ESEA Outage and Security Update
Read: https://t.co/M2plmwhzmG
— ESEA (@ESEA) January 8, 2017
“We notified the community on December 30th, 2016 about the possibility this could happen,” ESEA said. “The type of data and storage standards was disclosed. We have been working around the clock to further fortify security and will bring our website online shortly when that next round is complete. This possible user data leak is not connected to the current service outage.”
In a blog post, published Dec. 30, Craig Levine, E-Sports Entertainment co-founder, said ESEA became aware of a security breach on Dec. 27. Levine couldn’t confirm it at the time, but said there was a possibility that a variety of user data might have been taken including usernames, emails, private messages, IP addresses, mobile phone numbers, any forum posts they published, hashed passwords and hashed secret question answers.
Levine said that only the phone numbers of users who set their accounts up to receive SMS messages were likely taken. He added that account passwords were hashed with the password hashing function bcrypt. Levine said the company doesn’t store payment information, so user credit card data wasn’t compromised by the incident.
In the wake of the hack, the community claims it forced a password reset, multi-factor authentication reset, and a security question reset for all accounts. ESEA said it was investigating the incident and trying to determine what exactly had been taken at the end of December.
It’s unclear what the company’s investigation has turned up over the past week though. On Twitter, ESEA directed users on Monday to the community’s Dec. 30 memo. Neither ESEA, nor Turtle Entertainment Online, an entertainment conglomerate based in Germany that owns the community, responded to requests for comment on Monday.
Can someone explain why a site with 1.5m users getting hacked (ESEA) is causing such a ruckus on the internet? 1.5m is tiny, not even top100
— News About Security (@BigSecurityNews) January 9, 2017
A breach of 1.5 million users is relatively small potatoes, especially in the wake of Yahoo’s disclosure last month that data from one billion accounts was stolen, but the news has still gotten the attention of ESEA’s fervent following.
@ESEA sad attempt to cover your own asses instead of offering transparency and an apology for this second breach – seriously pathetic
— trig (@trig8787) January 8, 2017
@ESEA Hopefully your password encryption is as good as your anticheat!
— ★ 404 (@MegaShenster) January 8, 2017
The service, which bills its software as being anti-cheat proof, counts many active users of the multiplayer first-person shooter video game Counter-Strike among its subscribers. News of the hack also came as ESEA was winding down a publicized competition it was running with Mountain Dew and ESL dubbed League Champions.
It’s not the first time that the ESEA has run into an issue with its security. In November 2013 it settled with the state of New Jersey after the attorney general there claimed the community was infecting users’ machines with malware to mine Bitcoin. ESEA reportedly mined $3,500 in Bitcoin from more than 14,000 machines. ESEA disagreed with the charge but agreed to pay the state $325,000 of the $1 million penalty.