Image courtesy of ESEA

E-Sports Entertainment Association (ESEA) was the victim of a security breach in late December, which resulted in the comprimise of a database containing the information linked to 1.5 million user profiles.

The online competitive service, which allows subscribers to participate in pick-up matches, compete in leagues, and track their statistics along the way, gained knowledge of the breach on December 27th, 2016, and issued a warning three days later regarding the leak of user information. It was not until this past Saturday, January 7th, 2016, that breach notification service LeakedSource announced the addition of 1,503,707 ESEA records to their database. ESEA commented on the breach once more via Twitter when the information appeared to become publicly available:

Individuals who feel their account information may have been compromised can enter their email address into the provided field on LeakedSource's website; the leaked data includes user registration date, location (city, state or province), time last logged in, username, first and last name, bcrypt hash, current email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID. While ESEA did notify its users of the security breach in December, they did not confirm whether the data was taken directly from their databases.

A spokesperson from LeakedSource said that the ESEA security breach was part of a ransomware hacking attempt, where the responsible party demanded $50,000 to decrypt the system and allow service to resume. While ESEA did make note of the incident, via Twitter and their official website, they did not specify any information regarding a hacking-based extortion attempt. 

As of Sunday, January 9th, 2016, ESEA services appear to have returned to their normal operation status.

Images courtesy of ESEA