The Entertainment Software Association Association (ESA) has found itself in hot waters after making a list of private data on thousands of media professionals available on its website.
The ESA is the organizer of the video game conference E3, which annually draws more than 66,000 visitors. The latest conference was held in June 2019. Now, more than 2,000 members of the media and different content creators who attended the latest E3 event have had their private information – in some cases including home addresses and personal contact information – exposed to the public.
The data was part of a spreadsheet that was reportedly supposed to be used by ESA members and exhibitors to invite press members and influencers to events and to arrange interviews. It is unclear how long the file was available on the site.
However, it is clear that it was easily available online. The journalist Sophia Narwitz revealed the weakness in YouTube video on Friday August 2. She showed that all people had to do was to click a link on the website to download the spreadsheet. Narwitz said she informed the ESA about the vulnerability before posting the video.
The E3 organizer has since taken down the link, but several news sites report that people could still access the file by looking at the cached version.
The ESA has reportedly also sent an email to people affected by the leak, apologizing for it. “Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available,” the ESA said in a statement. “We regret this occurrence and have put measures in place to ensure it will not occur again.”
It seems some people are already using the leak in nefarious ways, with several journalists and media personalities already becoming subject to prank calls, according to Kotaku, the gaming news site.
Following the news, several news site are now reporting that the ESA could face expensive class-action lawsuits for the leak.
Copyright © 2019 FinTech Global