Failed extortion attempt results in 1.5 million ESEA user’s private information leaked

The hacker was asking the company for $100,000 to not leak the information.

The personal information of 1.5 million users has been leaked following a hack of the most tenured and long-lasting matchmaking service in North America on Dec. 27.

The service, ESEA, notified its user base about the security breach on Dec. 30. But users had no idea of the scale of the breach until the data was shared on LeakedSource, one of the largest breach notification sites on the internet.

LeakedSource provided net security site Salted Hash with proof that the database was from ESEA.

The leak occurred on Jan. 8, roughly two weeks after the hacker had successfully accessed what seems to be a majority of ESEA users’ private information. According to ESEA this did not include passwords, but the company is urging its users to update their security information regardless. While passwords may not have been breached, users’ emails, phone numbers, private messages and IP’s were—all information that could be used for other malicious activities such as social engineering and phishing.

ESEA says the perpetrator contacted the company via its bug reporting service on Dec. 27, and claimed to have been able to access private user data. ESEA were subsequently asked to provide the hacker with $100,000, or else the information would be leaked publicly. Between Dec. 28 and Jan. 7, ESEA maintained contact with the hacker while simultaneously working on isolating and securing its breach, as well as alerting the Federal Bureau of Investigation.

About the author

Sam Nordmark

Writer at @dotesports