The personal information for those who acquired a media badge for this years Electronic Entertainment Expo (E3) may have been leaked recently due to an error by the Entertainment Software Association (ESA). In order to get one of these media badges, the organization demands your name, phone number, home address, and more information.
Sophia Narwitz, an independent journalist who until recently worked as a senior writer for Niche Gamer, released a video showing in detail how the official website of E3 included a public link to a spreadsheet with the personal information belonging to roughly two-thousand media members from the gaming and entertainment industries. The information compiled onto this spreadsheet is meant to be distributed among its member companies which facilitates organizing the E3 events each year.
Since the leak has happened, Jeff Grubb at Venture Beat reached out to the ESA regarding an explanation, and received the following statement in response:
“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again.”
For now, anyone who may be affected should be taking action to ensure their safety. There is the possibility of someone spreading that information for malicious reasons against a journalist with whom they have a disagreement. There is also the danger of identity theft, as that type of information is often used in applying for credit in North America.
Phone numbers given to the ESA should promptly be changed as well if used as the contact information for Two-Factor Authentication. The spoofing of mobile numbers is not difficult and can provide someone access to accounts normally protected.
In Canada, Equifax and TransUnion offer credit monitoring services for a monthly fee, which may be a useful step to ensure that the information is used by a third party.
Now the ESA needs to be held accountable for its negligent action. There is no reason this should be happening, and it is going to be a hard sell next year when they undoubtedly attempt to collect information again for E3 in 2020.