The lead developer of Siege.gg, a site mainly comprised of volunteers that provides comprehensive R6 esports data, announced in a blog post the site may have suffered a data breach yesterday morning around 9am CT. The developer, “Kev,” instructed users to reset their passwords immediately in order to protect their information.
While Kev does not provide any concrete evidence of an attack, he does believe there is enough evidence to warrant erring on the side of caution. Siege.gg is mainly comprised of volunteers that provide some of the most comprehensive R6 esports data in the world.
“Around 14:00 GMT, the website went down and would only respond with 500 errors,” said Kev in a blog post. “We started investigating the issue at 14:11 GMT to find an empty database. Somehow, the entire database had been wiped. If it were caused by a bug in MySQL or our code, we would have simply rolled back the data as we run backups on 20 minute increments. However, we suspect that an attacker may have gained access to our database.”
The vulnerability of an open MySQL portal was handled in roughly 30 minutes upon detection, but the site began experiencing error codes ten minutes before the issue was diagnosed, according to the post. This means that the vulnerability was open for a full 40 minutes before it’s closure.
Kev apologized for the breach and concluded his announcement by saying the site will make changes to prevent future attacks, including “gradually releasing security-oriented features” to protect users’ data and privacy.
Given Siege.gg’s entire database was wiped, it would seem as though an attack did in fact occur, although Kev could not confirm it. These types of occurrences are far too common in general, but this incident could have been handled far worse in terms of transparency.