E-Sports Entertainment Association (ESEA) breach – Fraud.org


On December 30, 2016 the E-Sports Entertainment Association (ESEA) announced that they experienced a data breach, which news outlets are reporting to have affected 1.5 million of their users. The breach compromised users emails addresses, usernames, private messages, IPs, mobile phone numbers (for SMS messages), forum posts, hashed passwords, and hashed secret question answers.

Announced: December 30, 2016

Description of the breach: ESEA alerted their users on December 30 that they had received notice on December 27 that their system had been breached. Although the exact number of records compromised is unknown, many websites are reporting that 1.5 million user records were compromised in the breach.

ESEA is reporting that no credit card or payment information was compromised, however users emails, private messages, last login date, dates of birth, zip codes, mobile phone numbers (for SMS messages), forum posts, hashed passwords, usernames, Steam or Xbox IDs, and hashed secret question answers have leaked.

ESEA has not asserted when the records were breached, but is urging all users to immediately reset their account passwords and security questions, as well the passwords and security questions on different websites where they may have reused their login credentials.  

ESEA is also advising users to be wary of unsolicited communications that ask for personal information. It is recommended that you go directly to the ESEA website in a new browser to reset passwords or update security questions instead of clicking on links in an email related to the breach. Hackers are known to use information from large data breaches in phishing scams that lure individuals into clicking on dangerous links.

Official information from ESEA: https://play.esea.net/index.php?s=news&d=comments&id=14932

ESEA Frequently Asked Questions regarding the breach: https://play.esea.net/?s=content&d=securityupdate

ESEA Support Center: https://play.esea.net/?s=support&d=tickets

More coverage of this breach: International Business Times and ESPN