The details and personal information of over 1.5 million accounts in the care of the E-Sports Entetainment Association (ESEA) have been leaked online, after the company refused the random demands of hackers.
“The security breach that we were made aware of on December 27, 2016 resulted in the theft of user data by a threat actor,” reads the official statement from the ESEA. “This threat actor demanded a ransom payment and threatened to sell or publish the customer data. We do not give into extortion and ransom demands and we take the security of customers’ data very seriously.”
“In addition to investigating the incident and reporting it to the authorities, we have been working to isolate the vector attack and secure the vulnerability,” it continues. “This has led to some recent system downtime, for which we apologize and which we aim to keep to a minimum in the coming days.”
In an FAQ, the ESEA recommends that users change their passwords and security questions across all other accounts that might be using similar information. Compromised information includes usernames, emails, private messages, IPs, mobile numbers, forum posts, hashed passwords, and hashed secret question answers.
The ESEA was contacted on December 27 by the hackers, with a random demand of $100,000 USD. The company worked to patch the security loophole, informed their community, and on December 30 contacted the FBI to investigate.
The hackers leaked the information on January 8 when the ESEA refused their demands.