ESA, Electronic Entertainment Expo (E3) organizer, leaked thousands of journalist personal data

Names, surnames, telephone numbers, residential addresses and e-mail addresses - these are the data that ESA collected about accredited persons. For what purpose? Well, they were intended for exhibitors, so that they could arrange with individual people for closed shows or interviews.

This entire collection has been sent to the server on which the ESA website is located. It was available there without any restrictions, in a text file. Simply put, every single Internet user could go in as if to himself and simply download a confidential file. When VentureBeat journalists made the case public, the mistake was eliminated, but it was too late.

Unfortunately for all those affected by the "issue", there are reports of cyber criminals using the database. There is no banking information in it, but people complain of harassment and phone jokes. It should be borne in mind that some of the names appearing in the database belong to people widely known in the environment, and this even more provokes online pranksters.

Initially, 2,800 disclosed personal data were known to be "on the wild", but it turned out that such "leaks" also occurred in previous years. In total, more at least 6,000 people are affected.

The following statement from ESA spokesperson:

“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again.”

will be probably not enough and there are likely to be lawsuits in the United States. Nevertheless, ESA is also available in Europe, where a statutory penalty of up to EUR 20 million is envisaged for violating the GDPR. However, this does not compensate anyone for stress.