Counter-Strike eSports league held to ransom over data stolen from 1.5m users
Hacker demanded $100,000, and leaked the data when ESEA refused to comply
One of the biggest Counter-Strike eSports communities has been hacked after refusing to pay a ransom of $100,000.
The eSports Entertainment Association (ESEA) has confirmed that its customer data was breached on December 27 last year, when a "threat actor" contacted the organisation to inform them of the theft. A demand of $100,000 to prevent the sale or release of the data was issued, to which the ESEA did not consent.
"We do not give in to ransom demands, and paying any amount of money would not have provided any guarantees to our users as to what would happen with their stolen data," the organisation said in a statement on its website. "The most responsible course of action was to share the incident with the authorities and our community so each individual could take steps to secure their accounts."
The ransom demand is notable, but so is the size of the breach. The stolen data was released on LeakedSource, and CSO Online has confirmed that just over 1.5 million accounts were compromised.
"We are still investigating but believe that a large portion of the ESEA community members' information including usernames, emails, private messages, IPs, mobile phone numbers (for SMS messages), forum posts, hashed passwords, and hashed secret question answers could all have been exposed.
The ESEA continued: "To be clear, we have worked to identify the source of the vulnerability and have taken the appropriate measures to patch it. Once users have completed the password and information change procedures outlined above, users should feel confident in the ongoing security of their data on ESEA's systems."
The ESEA is owned by The Modern Times Group, one of the major forces in the eSports industry. The Modern Times Group is also the parent company of ESL and DreamHack.