A hacker last week breached the systems of Battlefy, a Vancouver esports management startup, and leaked nearly 90,000 users’ personal information.
Following the breach at Battlefy—which in 2014 received $1.3 million in seed funding from tech venture capitalists including former Riot Games chairman Jarl Mohn—the hacker released 89,270 emails, account names, and hashed passwords in a text file.
The owner of the @ciadotgov Twitter account claimed responsibility for the hack and asked for Bitcoin donations for his work. The account was allegedly behind the hack of AllWomensTalk.com earlier this year.
Battlefy, which says its user base grew 750 percent in the last year, apologized to users in an email on Sunday, several days after the breach took place and the data was posted publicly online. At press time, the data remained online.
“The perpetrator gained unauthorized access to a test environment hosting an old version of our database,” Battlefy CEO Jason Xu told the Daily Dot. “Once discovered, we immediately closed the vulnerability and launched a full investigation into the breach. There was no unauthorized access to our production servers.”
The nearly 90,000 affected users represent a “small portion” of the overall user base, according to Xu.
“We protect our user’s passwords by encrypting them with a ten round bcrypt hashing scheme, which is a non-reversible algorithm,” he said.
On its website, Battlefy boasts that it is trusted by gaming industry leaders such as Riot (League of Legends), Blizzard (StarCraft), and Turtle Rock Studios (Counter-Strike).
Battlefy recommends that users who share passwords across multiple accounts change those login credentials immediately.
The company is currently conducting an investigation into both the breach and its security systems.
