Last night, YouTuber and journalist Sophia Narwitz, brought to light a major screw-up by the ESA. Or better known as the organization that runs the popular North American gaming convention, E3. In a massive blunder, the company allowed a list of 2000 press and content creators to be leaked via their website. A list that wasn’t even password-protected, encrypted or even behind section of the website that required you to sign in. It was just sitting out there on the ESA website via a link.
Sophia contacted the ESA and they did release a statement and removed the link. Needless to say, the response seemed like an attempt at damage control. While the link was removed. Yet, once something is released onto the net, it’s damned hard to get it removed. Adding to this, is this something that was commonplace for the ESA? How long have they been doing this?
I can’t even begin to explain how stupid and damaging this was. For me, being an IT professional I’m exposed to many policies and regulations that forbid this sort of thing. Yet, this happens and it makes me question several things with the ESA. If you’re reading this, you should as well. The European Union (GPDR) and many lawyers are going to have a field day with this.
Update: We’ve created a searchable database so that you can quickly see if you’ve appeared on this list. Please don’t ask for any additional information as do not have it and have deleted the document.
What you need to know!
If you attended this past E3 2019, you need to pay attention as you are at risk. Youtube, Twitch and Mixer streamers/content creators, as well as gaming/media journalists and several companies. You favorite outlets such as Polygon, IGN, and many others have staff and members that have been exposed.
I’ve personally seen this list and saying that it is worrisome is an understatement. I can see the names, email addresses, home addresses, and phone numbers of each person who was provided a media or content creator badge for E3 2019. Each person of this list is now opened up to all sorts of damage, including doxing, death threats or worse. Now people have their private home address, which is scary beyond belief.
I can’t even begin to wonder what those impacted are feeling right now. This isn’t exactly the sort of thing you’d want to wake up to, ever. The ESA has just opened themselves up to a massive lawsuit and I hope that someone holds them accountable for this mess.
Needless to say, my trust and yours, regarding the ESA has been tossed out the window. Yes, the ESA does inform you that they do collect your information when you sign up for a press or content creator badge. That’s 100% correct. However, they also state they won’t provide this info to anyone without consent. This is outlined in the ESA privacy policy.
How is your personal information used and shared?
We do not share, sell, or rent your personal information to third parties without your consent or as described below. Besides technical information required for the support of our internal operations (i.e., IP address), we do not require disclosure of personal information to access most of our Websites. If you prefer not to disclose any personal information, you may not be able to enjoy certain features of our Websites.
This list being in the hands of people who shouldn’t have it pretty much nullifies the “we do not share your personal information” bit.
What you need to do!
Find out if you’re on this list and then contact a lawyer, ASAP. I can’t stress enough how damaging this is to you and your family.
Hopefully, this list hasn’t gotten too far out there. However, I have seen it on several archives and as of this morning, it was still available for download. I’ve already contacted several other websites to get this information removed as well.
Please protect yourselves, everyone. As for the ESA, I have no idea how you allowed this to happen but this is huge and I don’t think you understand the ramifications of all this.
