E3 organization leaks data for over 2,000 journalists and analysts [Update: Additional security breaches discovered, see threadmarks]

Oct 25, 2017
464
Louisville, Kentucky
Before we begin, it is my understanding that this thread was created once several hours ago and wiped from the site. With little transparency, I can only assume this was done in order to reduce the spread of the sensitive information, in the hopes that it would be taken down before it got too out in the open. That opportunity has long passed, and the unsecured info has already hit one of the web's largest repositories of doxxing and harassment (which should go unnamed and certainly unlinked). Harassment has already begun. The explicit purpose of this thread is to make people aware of the monumental damage that has been done, in the hopes that the ESA may be taken to task for what it has allowed to occur, and to help inform those potentially affected.

While I was in the process of creating the previous version of this thread, Jeff Grubb published a piece on Venture Beat. This thread needs to stop being deleted, as the information has already been exposed and is being publicly discussed by the journalists affected.

But all of that doesn't really explain what happened, does it?

The ESA, the main trade group for the gaming industry, and which notably hosts the Electronic Entertainment Expo (or E3) stored a significant amount of personal information on those with approved media credentials for E3 2019 in an easily accessible document on the E3 website. This document was publicly accessible, and the information found its way to the formerly-mentioned-but-to-remain-unnamed doxxing and harassment oriented website, which itself has heavy ties to Gamergate. The personal information listed, which is now freely available to the internet, includes phone numbers, email addresses, and home addresses. Over 2000 people have been affected by this, including several of my own acquantainces and personal friends in the industry. Several journalists have already received unwanted text messages from Gamergate-affiliated garbageperson and pretend reporter Nick Monroe, which repeated back to them much of their own personal information, mere hours after the information was found to be available.

Let's repeat that. Over 2000 journalists and content creators who attended E3 this year have had their home addresses and phone numbers permanently exposed by the organization that runs it, and the information has already made its way into the hands of personalities tied to the harassment movement Gamergate. This information has already been used to harass journalists, and harassment and intimidation will undoutably increase. The impact of this careless leak of information will be felt for years to come.

The ESA has released a statement, which somewhat misleadingly refers to the publicly accessible document as a "website vulnerability", a technically meaningless phrase that will likely bring to mind hacking and security loopholes rather than a lack of security.

"ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this [sic] occurrence and have put measures in place to ensure it will not happen again." - Entertainment Software Association
Previous instances of similar data breaches have led to significant legal action, a current notable example being the class action lawsuit against Equifax.

EDIT: Updating with some info on what to do if you are affected

First, a thread from Steve Bowling outlining some steps that should be taken immediately, click through and read the entire thread


Second, a helpful post from Rotobit for UK citizens hoping to file a GDPR complaint

As a heads up, residents of the UK can register a complaint about the ESA here. My data wasn't included in the breach but anyone who has been affected should definitely send the message that it's not OK. I'm sure other European countries have similar ways to handle complaints, too.

EDIT 2: Leaked information expands, now covers three different E3 events

gamesindustry.biz reports that databases containing journalist info for two other E3s are in the wild.

2800 from one show, 3300 from another, all in archives.

...what's the next step above tire fire?
 
Last edited:

JEFFREY GRUBB

GamesBeat.com reporter
Verified
Oct 25, 2017
541
Leave it up. It's too late to hide the data. People need to be aware so they can take steps.
 

Defect

Member
Oct 25, 2017
2,759
Had to find out about this on Twitter because threads were deleted here. Just leave this up.

What a terrible thing to happen.
 
OP
OP
DerekOfTheDykes
Oct 25, 2017
464
Louisville, Kentucky
If I can be candid, I'm rather frustrated that this was taken down the first time I posted it, minutes ago. As I mentioned at the top, the dox info was already on the worst possible websites, and it was being openly discussed by the journalists affected. There was no reason to delete it the first time, it was protecting nobody.

But thank you to Jeff Grubb so I can now cite a major outlet to back up the rather lengthy post I made before. I'm sorry this is happening to you and so many others.
 

jacktuar

Member
Oct 25, 2017
6,241
Fuck! That’s awful. Gamers are exactly the kind of petty people to take advantage of this too!
 

ibyea

Member
Oct 25, 2017
1,857
I found out about this like two hours ago when I found out people I know had been affected by this. What the hell ESA. Just what the hell.
 
OP
OP
DerekOfTheDykes
Oct 25, 2017
464
Louisville, Kentucky
How do you accidentally just make the data of thousands of people publicly accessible???
It's probably not unusual that the spreadsheet in question would be hosted on the E3 website. However, normally there would be some kind of security in place to ensure that not just any dingbat could access it. It appears that the data has been up since E3, and has never required any security credentials to access, it just wasn't widely found out until some hours ago.
 

tulpa

Member
Oct 28, 2017
2,527
Yup, all my private info's leaked. What level of incompetence allows this to happen?
 

Imran

Member
Oct 24, 2017
2,802
Already talked to a few colleagues at different outlets that have had to change their phone numbers.

As someone that works from home, I would have certainly used a home address and personal phone numbers. Luckily, I seem to have escaped this list, but not everyone was so lucky. There's people on here that have gone through great lengths to duck harassers over the years that are, at bare minimum, about to be massively inconvenienced in order to just feel slightly safe.
 

Whiterose

The Fallen
Oct 26, 2017
8,262
New York
My question is why wasn't ESA privately told about this leak?

Edit: seems they were but it wasn't enough. Fuck.

This list is potentially and seriously damaging.
 

Khamsinvera

Member
Oct 31, 2017
1,172
Well, they'll offer you 5yrs of free credit monitoring?

I'm already upto 80yrs of free credit monitoring.

I guess another 5 won't hurt?

/s
 

rpm

The Fallen
Oct 25, 2017
3,050
the 24th century
The other non-deleted thread was locked and a link was provided to this thread, so it looks like this thread isn't getting deleted.

What a colossal fuck up on the part of the ESA. Christ. Deepest sympathies to anyone effected by this.
 

RecRoulette

Member
Oct 25, 2017
13,595
Imagine all that time taking the proper steps to try and protect yourself from the garbage out there and in an instant all that is completely fucked.

One of the biggest fuckups to ever happen in this industry for sure.
 

wbloop

Member
Oct 26, 2017
1,044
Germany
This is absolutely, horribly fucked up.

Now that I think about it, this could also permanently fuck over E3. I most certainly would not trust my data to the ESA after this shit-show.

I sincerely hope nothing bad happens to those who got doxxed.
 

Delriach

Designer at Iron Galaxy Studios
Verified
Oct 27, 2017
581
Chicago
I feel pretty sick thinking about this. So sorry to everyone affected. This is really, really bad.
 

Imran

Member
Oct 24, 2017
2,802
With the rumors of Reed sniffing around the show and the ESA struggling to figure out what to do with it, I wonder if the deal just got a lot cheaper for Reed.
 

NoblesseOblige

Community Resettler
Avenger
Oct 25, 2017
2,729
stay safe journoera. lots of shitty fucking people in gaming that will use this to harass and harm
 
Discussion Guidelines

JayC3

bork bork
Administrator
Oct 25, 2017
1,961
Official Staff Communication
A few threads on this were removed previously, in the interest of slowing the spread of the information and giving victims time to take appropriate precautions. Now that it is being covered in the mainstream press this thread will be allowed to stay up. The following should go without saying, but as a reminder:
  1. As always do not post personal information from the leak, and likewise do not post any information that can be used to find the leak, for any reason.
  2. Do not link to hate, harassment, or doxing sites, for any reason.
  3. Be mindful that over 2000 people in the industry have had their privacy invaded in an awful manner. The tone of the discussion should be appropriately respectful.
Addendum: Do not post the original Youtube video that first publicized this issue, as it was posted on a channel with what appears to be alt-right content.
 
Last edited by a moderator:

Arm Van Dam

Member
Mar 30, 2019
2,201
Illinois
The ESA fucked up real good this time with their own sheer incompetence

Those doxxing and harassment sites and subreddits should be wiped off the internet
 
Oct 27, 2017
3,193
This is absolutely, horribly fucked up.

Now that I think about it, this could also permanently fuck over E3. I most certainly would not trust my data to the ESA after this shit-show.

I sincerely hope nothing bad happens to those who got doxxed.
This. Their was lots of negativity already before E3 regarding a messy registration process and some not even getting passes thzt they got previous years. I dont wanna sojnd hyperbolic but the future of E3 might be at risk here. EA and MS have their own floor, Sony already backed out this year. The showfloor was already way different this year cimpared to previous ones
 

Joltik

Member
Oct 25, 2017
6,329
God that's a horrifying fuck up! The ESA needs to get sued to oblivion.

I hope everyone who's affected by this stays safe. :(
 

Imran

Member
Oct 24, 2017
2,802
Considering the ESA very publicly accidentally gave people's media passes to random people without checking their ID this year, I think they're just indescribably negligent with security.
 

ibyea

Member
Oct 25, 2017
1,857
Anyone has any advice on how to handle this? I know a person who needs some advice regarding this situation. All I could think of is phone number change.
 

Minilla

Member
Oct 27, 2017
2,410
Tokyo
Haven't the ESA been under fire for a while now? On multiple shitty incidents?

Wtf is going on there?
 

Raoh

Member
Oct 27, 2017
1,866
this happened one time to me at a place i used to work, but i was so young and naive i never realized i could've sued them so hard for it
 

Gentlemen

Member
Oct 25, 2017
3,901
They were:
nah

"They were notified within half an hour of me finding this information"
This youtube channel distributes gamergate conspiracy theories and I'm 99% sure the person behind it posts on a notorious website that doxxes people and sends them death threats.
Let's use better sources.
 

Icemonk191

Member
Oct 25, 2017
3,233
What a absolute huge fuck up. The ESA leaving this information in such a unsecured location is just almost unbelievable.

This could (rightly) be the end of them.
 

finally

Member
Jul 22, 2019
26
I would move out instantly if this happened to me, the anxiety would be unbearable especially If I have a family.