Over 1.5 million user records leaked after alleged cyber-extortion attempt fails

Hackers Leak 1.5M Users’ Details from Esports Site After Failed Ransom

More than 1.5 million usernames and passwords from popular competitive gaming community ESEA have leaked online following an attempted ransom by a hacker who managed to steal the data from the website. If you happened to be a member of the premium matchmaking service, then you may want to keep an eye out as over 1.5 million user accounts have been compromised in a database breach. They also say "we have reached out to the FBI" for help tracking down the hacker "and will support their investigation in any way we can".

ESEA said that hackers first contacted the organization on December 27 to say that they had broke into its computer networks, stole user data, and wanted payment with the threat that they would leak the information or sell it on the black market.

"We do not give in to ransom demands and paying any amount of money would not have provided any guarantees to our users as to what would happen with their stolen data", ESEA said. Instead of giving into the demand, ESEA reset passwords as well as applying multi-factor authentication and security questions, Said CSO Online's Steve Ragan (Salted Hash).

Players on Reddit have confirmed that their information is discoverable in the leaked data. While there is an assurance that those passwords are safe, the other data in the leaked records can be used in the construction of social-based attacks that can include phishing. "This threat actor demanded a ransom payment and threatened to sell or publish the customer data".

The hashed passwords are encrypted with bcrypt, ESEA said, which means they should be very hard to crack.

ESEA is understood to have been hacked in December, affecting a database of 1.5m users.

"We take the security and integrity of customer details very seriously and we are doing everything in our power to investigate this incident, establish precisely what has been taken, and make changes to our systems to mitigate any further breaches". On Jan 7, the company discovered that the hacker was also able to exfiltrate intellectual property from their compromised servers.

"Recently news has been made that ESEA's user data has been leaked online", ESEA said. You should have already been warned to change your account information, but you can see if your ESEA account information was leaked by putting in your email address here. "We will continue to work with both our developers and independent security experts to improve our security and invest in strengthening ESEA's infrastructure going forward".

Related News: