‘Data of 1.5 million accounts of esports website ESEA appear online’

ESEA, a major esports community, has disclosed that its members’ data has been leaked. This was allegedly the result of an extortion attempt, in which a person demanded $50,000 from the organization to stop the theft of data from 1.5 million accounts.

Leakedsource, a site that allows users to search hacked databases for free and for a fee, informed CSO that it was an extortion. CSO writes that it has contacted ESEA, but that there is no confirmation from the organization yet. ESEA itself only says via Twitter that data has been leaked, but that it cannot verify whether it is actually its own data. The number of 1.5 million accounts also comes from Leakedsource.

The database would contain 90 possible fields of information per user, including username, bcrypt hashed password, first and last name, address, date of birth and PSN or Xbox Live ID. Several Reddit users have been able to find their details in the leaked database, according to CSO. Bcrypt is generally seen as a secure hashing algorithm.

ESEA had already notified its members on December 30 that someone was accessing users’ data. In that announcement, the company said it received a message about the hack from an unknown person on December 27. In its recent tweet, the company wrote that it “already expected the data to appear online.” In both announcements, ESEA itself does not mention numbers. Through the site of the organization, players of different games can compete against each other in matches.