Gaming Site Breached; 1.5 Million Players at Risk
Posted by: Timothy Weaver on 01/10/2017 02:09 PM
[
Comments
]
A hacker breached the E-Sports Entertainment Association (ESEA) and made off with a database containing 1.5 million player profiles.
The cyber-criminal demanded $50,000 to not publish the database. ESEA decided to not pay the extortion demand. The database was then published.
The database contained usernames, emails, private messages, IPs, mobile phone numbers (for SMS messages), forum posts, hashed passwords, and hashed secret question answers.
ESEA has cautioned users to change their passwords, security questions and answers for any and all accounts which may be using the same login credentials. They are also suggesting users be suspicious of any unsolicited communications that ask you for personal information.
Tim Erlin, senior director of IT security and risk strategist at Tripwire, said: “If you're not part of the video game industry, you might not realize that it's a more than a $30 billion industry.”
Personal information is a profitable commodity on the dark web, not just banking info. However, Erlin went on to say: “Modern gaming is all about collecting money from consumers, and gaming companies have plenty of credit card data to make them an attractive target.”
Although ESEA did not release information as to how the breach took place, they did announce that they have patched the vulnerability.
Source: SCMagazine
The cyber-criminal demanded $50,000 to not publish the database. ESEA decided to not pay the extortion demand. The database was then published. The database contained usernames, emails, private messages, IPs, mobile phone numbers (for SMS messages), forum posts, hashed passwords, and hashed secret question answers.
ESEA has cautioned users to change their passwords, security questions and answers for any and all accounts which may be using the same login credentials. They are also suggesting users be suspicious of any unsolicited communications that ask you for personal information.
Tim Erlin, senior director of IT security and risk strategist at Tripwire, said: “If you're not part of the video game industry, you might not realize that it's a more than a $30 billion industry.”
Personal information is a profitable commodity on the dark web, not just banking info. However, Erlin went on to say: “Modern gaming is all about collecting money from consumers, and gaming companies have plenty of credit card data to make them an attractive target.”
Although ESEA did not release information as to how the breach took place, they did announce that they have patched the vulnerability.
Source: SCMagazine
Comments
