E3 data breach leaks info for thousands of registered journalists
The ESA blamed a 'website vulnerability' for leaking the contact list.
Thanks to a staggering bit of negligence on the part of the organization that manages E3, the last and worst "leak" this year affects people from the media who covered the event. As pointed out on YouTube by Sophia Narwitz, a spreadsheet was available on the E3 website listing detailed contact information for over 2,000 journalists, content creators, analysts and others who applied for and received credentials to the event this year.
The list apparently existed so that videogame companies could reach news media and content creators they wanted to contact about coverage, but it's obviously not intended to become publicly available. In a statement, the ESA said "Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again."
That doesn't do much to help the people who are now at risk for targeted harassment, and, as VentureBeat points out, may cause an issue with Europe's GDPR. Narwitz noted that the list was pulled within hours of the ESA being notified, which was not soon enough to avoid people downloading and spreading the information.
ESA:
ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again.
