Seems like everything's getting hacked these days. Information for over 1.5 million users of E-Sports Entertainment Association (ESEA) was stolen, then posted online several days ago and confirmed yesterday.
Not content with merely hacking and releasing the information like other data breaches, the hackers also demanded a cool $100,000 ransom. Apparently ESEA doesn't negotiate with terrorists.
Unlike many other companies that like to sit on hacks for a time or even years before admitting fault, the ESEA kept users informed throughout the entire timeline and immediately involved authorities. Bad news for the hackers.
The ESEA was informed of the hack on December 27. The stolen data included usernames, emails, private messages, IPs, mobile phone numbers, forum posts, hashed passwords, and hashed secret question answers. No payment information was accessed, since they don't store any of it. Nor were ESEA Client or anti-cheat systems accessed.
Of course, the reason they were informed was that the hackers sent the ransom demand through the bug bounty program, demanding payment to prevent the data from being posted. Once ESEA verified the attack and the information accessed, they quickly worked to patch the vulnerability. Community and stockholders were notified of the breach.
Over the course of the week, the hackers escalated their demands/threats while ESEA upgraded security. Finally on January 8, after failing to properly intimidate ESEA, the hackers released the data on LeakedSource.
The hack itself may not have garnered much attention overall. But while the infiltrators were mucking away at the user data, they also accessed a game server where intellectual property was stored. Now the FBI is involved, and those guys don't mess around.
Hacking Is Getting More Prevalent
While hacking itself is far from a new thing in video games, mass user data has so far been relatively untouched. It used to be that hacks were relegated to merely increasing your advantage in video games. In fact, cheating via hacks became such an issue in the eSports competitive scene that South Korea passed a law punishing cheaters with up to 5 years in jail or a hefty $43,000 fine for hacking.
Phishing attempts for accounts have always been common, but recently hackers took advantage of the popularity of Pokémon GO by putting out a fake version of the game riddled with malware. The remote access tool hidden within the app would give hackers full control of your phone.
But It's Still Widely Misunderstood
The recent US election debacle shows us how little most people understand about technology and data breaches. It was made even worse when CNN used an image from Fallout in conjunction with a news report on Russian hacking.
The word "hacking" has been applied to everything from large data breaches to CIA-level espionage... to posting a status from your friend's Facebook account.
People recognize that "hackers" are bad, but still don't take most common sense security precautions. Nor do businesses. Robbers are bad too, but I don't go leaving my front door open. And yes, a very dedicated hacker will be able to access something if they try hard enough, but as the Yahoo breach shows us, sometimes it's stupidly easy to get to.
What Can You Do?
As a consumer, you can't really do much to stop large user data breaches unless you just never have an electronic presence at all (which is practically impossible in this age). But what you can do is adopt security practices to protect yourself in the case of a breach. Common sense security measures still apply.
- If you're ever the subject of a hack, immediately change your password and security questions.
- Review related accounts for suspicious activity.
- Sign up for two-factor authentication if possible.
- Make sure your email account is secure, with a backup email or mobile access.
- Use unique passwords for each account or a password manager.
- Be aware of phishing attempts and don't click on links asking for personal or account information.