The ESEA is an eSports community that runs a popular Counter-Strike league. In December, the groups’ security was breached and the person or group responsible made off with 1.5 million user details.
Breach announcement and detail checking site, LeakedSource made the notification of the breach public on the 7th January. In it, they claim to have 1,503,707 ESEA profile records in their database. The ESEA confirmed the series of events with a timeline of what occurred. The below events are a summarised version, click for the full version:
- 27th December – The bad actor contacted ESEA through the bug bounty program saying they had breached their services and demanded $100,00 in ransom to not release the data.
- 28th-29th December – ESEA identified the method of intrusion and isolated the system and patched the vulnerability.
- 30th December – The community were informed and passwords were reset. The FBI were informed.
- 31st December – 6th January – The ESEA continued to strengthen their security while demands and threats continued.
- 7th January – The person or group responsible managed to use the information they had obtained to enter one of the game servers and use functions usually limited to some users. They were able to edit Karma (community feedback system) of users but not able to view or access and personal information from the game server.
- 8th January – The information obtained from the breach was released as the ransom went unpaid. Additional security measures were implemented.
- 9th January – The FBI were updated and 3rd party enquiries were managed.
In the breach, it appears information obtained includes numerous items
We are still investigating but believe that a large portion of the ESEA community members’ information including usernames, emails, private messages, IPs, mobile phone numbers (for SMS messages), forum posts, hashed passwords, and hashed secret question answers could all have been exposed,
The main concern is that the information may be used in phishing attempts so be cautious with regards to emails. Plus, if you are a member of the ESEA and have used the same password and email combination in other locations, it is worth doing a security review and update passwords on those accounts as well.