Gaming

E3 Leak Shares Personal Info of Over 2,000 Journalists, YouTubers

A breach in the Entertainment Software Association’s security for its E3 site was exploited […]

A breach in the Entertainment Software Association’s security for its E3 site was exploited recently and led to a leak that shared personal information of over 2,000 journalists, analysts, and content creators who were registered to attend the gaming expo. The exploit affected one part of the E3 site and made accessible a massive spreadsheet composed of thousands of cells which contained personal addresses and phone numbers among other information.

Videos by ComicBook.com

Sophia Narwitz first shared news of the spreadsheet which included the information of the registered E3 attendees. Her video seen above said the ESA “just doxxed over 2000 journalists and content creators” and said that the ESA has since removed the document in question. That document has by now already made the rounds on various online forums including some which are known for targeted harassment campaigns.

The information found in the document did include addresses and phone numbers as well as full names and the companies different people work for, though whether or not those are work phones and addresses or not depends on the individual. Some journalists and content creators have already sounded off on Twitter and other forms of social media to say they’ve been contacted via text messages or phone calls from unknown senders due to the leaked information, a claim which I can anecdotally say is accurate.

In a statement received from the ESA as a registered individual on the E3 list, the organization said it was sorry the incident occurred and that steps would be taken to make sure it doesn’t happen in the future. No information was provided about further plans to address the current incident.

“The Entertainment Software Association (ESA) was made aware yesterday of a website vulnerability on the exhibitor portal section of the E3 website,” the statement said. “Unfortunately, a vulnerability was exploited and that list became public. We regret this happened and are sorry.”

It’s unclear at this time how long the information was publicly available through the E3 site, but given how it was found through some simple navigations of the site’s drop-down menus, there’s a chance it’s been up there for some time.

“We provide ESA members and exhibitors a media list on a password-protected exhibitor site so they can invite you to E3 press events, connect with you for interviews, and let you know what they are showcasing,” the ESA’s statement added. “For more than 20 years there has never been an issue. When we found out, we took down the E3 exhibitor portal and ensured the media list was no longer available on the E3 website.”