The E-Sports Entertainment Association said in a statement on Monday that after it refused to pay a $100,000 ransom, hackers released the data of many of its users, including names, email addresses, gaming IDs, hashed passwords, dates of birth and phone numbers.
Information such as registration date, city, state (or province), last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID may have been obtained by the hackers according to breach notification service LeakedSource
“We do not give into extortion and ransom demands and we take the security of customers’ data very seriously. In addition to investigating the incident and reporting it to the authorities, we have been working to isolate the vector attack and secure the vulnerability,” the ESEA said in its statement.
The ESEA, a company that organizes primarily Counter-Strike: Global Offensive matches and tournaments, has not released an official tally of how many accounts were compromised, but it did acknowledge in its statement that LeakedSource.com has the full dataset. LeakedSource.com, a site that collects hacked information so individuals can verify whether they have been compromised, shows 1,503,707 accounts from ESEA.net in its database.
“We have been working around the clock to further fortify security and will bring our website online shortly when that next round is complete,” the organisation said, adding, “this possible user data leak is not connected to the current service outage.”