Before we begin, it is my understanding that this thread was created once several hours ago and wiped from the site. With little transparency, I can only assume this was done in order to reduce the spread of the sensitive information, in the hopes that it would be taken down before it got too out in the open. That opportunity has long passed, and the unsecured info has already hit one of the web's largest repositories of doxxing and harassment (which should go unnamed and certainly unlinked). Harassment has already begun. The explicit purpose of this thread is to make people aware of the monumental damage that has been done, in the hopes that the ESA may be taken to task for what it has allowed to occur, and to help inform those potentially affected.
While I was in the process of creating the previous version of this thread, Jeff Grubb published a piece on Venture Beat. This thread needs to stop being deleted, as the information has already been exposed and is being publicly discussed by the journalists affected.
But all of that doesn't really explain what happened, does it?
The ESA, the main trade group for the gaming industry, and which notably hosts the Electronic Entertainment Expo (or E3) stored a significant amount of personal information on those with approved media credentials for E3 2019 in an easily accessible document on the E3 website. This document was publicly accessible, and the information found its way to the formerly-mentioned-but-to-remain-unnamed doxxing and harassment oriented website, which itself has heavy ties to Gamergate. The personal information listed, which is now freely available to the internet, includes phone numbers, email addresses, and home addresses. Over 2000 people have been affected by this, including several of my own acquantainces and personal friends in the industry. Several journalists have already received unwanted text messages from Gamergate-affiliated garbageperson and pretend reporter Nick Monroe, which repeated back to them much of their own personal information, mere hours after the information was found to be available.
Let's repeat that. Over 2000 journalists and content creators who attended E3 this year have had their home addresses and phone numbers permanently exposed by the organization that runs it, and the information has already made its way into the hands of personalities tied to the harassment movement Gamergate. This information has already been used to harass journalists, and harassment and intimidation will undoutably increase. The impact of this careless leak of information will be felt for years to come.
The ESA has released a statement, which somewhat misleadingly refers to the publicly accessible document as a "website vulnerability", a technically meaningless phrase that will likely bring to mind hacking and security loopholes rather than a lack of security.
Previous instances of similar data breaches have led to significant legal action, a current notable example being the class action lawsuit against Equifax.
EDIT: Updating with some info on what to do if you are affected
First, a thread from Steve Bowling outlining some steps that should be taken immediately, click through and read the entire thread
Second, a helpful post from Rotobit for UK citizens hoping to file a GDPR complaint
EDIT 2: Leaked information expands, now covers three different E3 events
While I was in the process of creating the previous version of this thread, Jeff Grubb published a piece on Venture Beat. This thread needs to stop being deleted, as the information has already been exposed and is being publicly discussed by the journalists affected.
But all of that doesn't really explain what happened, does it?
The ESA, the main trade group for the gaming industry, and which notably hosts the Electronic Entertainment Expo (or E3) stored a significant amount of personal information on those with approved media credentials for E3 2019 in an easily accessible document on the E3 website. This document was publicly accessible, and the information found its way to the formerly-mentioned-but-to-remain-unnamed doxxing and harassment oriented website, which itself has heavy ties to Gamergate. The personal information listed, which is now freely available to the internet, includes phone numbers, email addresses, and home addresses. Over 2000 people have been affected by this, including several of my own acquantainces and personal friends in the industry. Several journalists have already received unwanted text messages from Gamergate-affiliated garbageperson and pretend reporter Nick Monroe, which repeated back to them much of their own personal information, mere hours after the information was found to be available.
Let's repeat that. Over 2000 journalists and content creators who attended E3 this year have had their home addresses and phone numbers permanently exposed by the organization that runs it, and the information has already made its way into the hands of personalities tied to the harassment movement Gamergate. This information has already been used to harass journalists, and harassment and intimidation will undoutably increase. The impact of this careless leak of information will be felt for years to come.
The ESA has released a statement, which somewhat misleadingly refers to the publicly accessible document as a "website vulnerability", a technically meaningless phrase that will likely bring to mind hacking and security loopholes rather than a lack of security.
"ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this [sic] occurrence and have put measures in place to ensure it will not happen again." - Entertainment Software Association
Previous instances of similar data breaches have led to significant legal action, a current notable example being the class action lawsuit against Equifax.
EDIT: Updating with some info on what to do if you are affected
First, a thread from Steve Bowling outlining some steps that should be taken immediately, click through and read the entire thread
Second, a helpful post from Rotobit for UK citizens hoping to file a GDPR complaint
As a heads up, residents of the UK can register a complaint about the ESA here. My data wasn't included in the breach but anyone who has been affected should definitely send the message that it's not OK. I'm sure other European countries have similar ways to handle complaints, too.
EDIT 2: Leaked information expands, now covers three different E3 events
gamesindustry.biz reports that databases containing journalist info for two other E3s are in the wild.
2800 from one show, 3300 from another, all in archives.
...what's the next step above tire fire?
Last edited: