The private information of over 2,000 E3 2019 attendees who had a media badge has leaked online. The owners of E3, the Entertainment Software Association, had a page on their website linking to a spreadsheet file with the personal information of each journalist, YouTuber, streamer, developer, etc. It listed their full name, phone number, address, and other information as well.
The accidental leak of information by the ESA was first spotted by Sophia Narwitz. Narwitz contacted the ESA by phone and email without a response and shortly after, the page with the file was taken down. This was done before she did her report on the topic.
A brief statement on the incident is circulating around and was provided to TechRaptor as well,
“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.”A list including those with media badges is used by the ESA for helping coordinate with companies at E3 in getting their information to the media. This includes anything from press releases to setting up meetings. It's unknown why this information was easily available and has risen concerns over a potential General Data Protection Regulation Breach. Also known by its acronym, GDPR. Additionally, at this time the ESA has not contacted the people who were on the list about the data being leaked.
According to Narwitz, a group of content creators and companies are preparing for a lawsuit regarding the incident. It's unknown who specifically, but the leak has affected both individuals and companies inside and outside the game industry. She expects more information on the lawsuit to be public on either Monday or Tuesday according to the below tweet.
As of the time reporting this story, several people on the list have already been targeted by harassers who were able to acquire access to the data.
In our original story, the ESA hadn't contacted those affected by the leak yet and they now have. The below statement was emailed to those on the list, although it fails to provide further information on the situation.
Registered E3 Journalist –
The Entertainment Software Association (ESA) was made aware yesterday of a website vulnerability on the exhibitor portal section of the E3 website. Unfortunately, a vulnerability was exploited and that list became public. We regret this happened and are sorry.
We provide ESA members and exhibitors a media list on a password-protected exhibitor site so they can invite you to E3 press events, connect with you for interviews, and let you know what they are showcasing. For more than 20 years there has never been an issue. When we found out, we took down the E3 exhibitor portal and ensured the media list was no longer available on the E3 website.
Again, we apologize for the inconvenience and have already taken steps to ensure this will not happen again.
Thank you – Entertainment Software Association