The Electronic Entertainment Expo is an annual video game industry trade event that takes place at the Los Angeles Convention Center in the USA. Media and content creators are provided media badges by the ESA upon completion of the application process. According to gaming website Game Informer, this process includes applicants providing their phone numbers, physical and email addresses and other personal information.
The ESA made the list of media and content creators public on their website without the permission of the people on the list. The information was available in spreadsheet form and was available for anyone who visited the ESA website. The information of over 2,000 media personnel and content creators is said to have been made public through this leak. This error was first spotted by Sophia Narwitz, a games writer and YouTube content creator, on 2 August 2019. The ESA removed the list of information shortly after the revelation, but it was available for public download for a significant amount of time so people could still have it on their devices.
Shortly after the ESA removed the list from their website, they issued a statement to various American gaming news websites saying, “ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.”
The ESA later issued a full apology, which you can view here courtesy of games industry website, GamesIndustry: “The Entertainment Software Association (ESA) was made aware yesterday of a website vulnerability on the exhibitor portal section of the E3 website. Unfortunately, a vulnerability was exploited and that list became public. We regret this happened and are sorry. We provide ESA members and exhibitors [with] a media list on a password-protected exhibitor site so they can invite you to E3 press events, connect with you for interviews, and let you know what they are showcasing. For more than 20 years there has never been an issue. When we found out, we took down the E3 exhibitor portal and ensured the media list was no longer available on the E3 website. Again, we apologize for the inconvenience and have already taken steps to ensure this will not happen again.”
A number of the people who have had their information leaked have since been victims of doxing, online and telephonic harassment and many other forms of harassment. The ESA could face legal trouble, as the data breach goes against the EU’s General Data Protection Regulation (GDPR). Due to the nature of this leak, the ESA could face fines from the GDPR that could amount to $23 million.
Edited by Kojo Essah
Follow Kojo Essah on Twitter
Follow IT News Africa on Twitter