With ESEA being in the country and providing a third party paid matchmaking service for Counter-Strike: Global Offensive, it comes as troublesome news to see that over 1.5 million user accounts and data have been leaked.
This raises great concern and security for its users as the platform is a paid service and has also been subject to other controversial topics related to leaks and hacks. So how did all this unfold?
Thankfully ESEA has provided a detailed description and timeline following these events. It all began on the 27 December 2016 after the initial security breach was noticed. “The threat actor contacted ESEA early Eastern Standard Time on December 27 through our bug bounty program to inform us that they had obtained access to user data and demanding a ransom payment of $100,000 to not release or sell the user data” noted ESEA admin C “Torbull” L.
ESEA noted that in order to be safe they would advise users to do the following:
- Change your passwords and security questions/answers for any other accounts on which you used the same or similar information used for your ESEA account, and review any such accounts for any suspicious activity
- Use passwords specific to each website you hold accounts at
- Be cautious of any unsolicited communications that ask you for personal information or refer you to a website asking for personal information
A major aspect to consider is that ESEA is a program that runs on your PC and with it comes some heavy security threats. Thankfully this leak is only a data leak, but still does well to serve as a scary reminder. The next breach could allow a hacker to gain access into the system, and who knows what havoc that could create on all the linked computers and accounts.
We have already heard about the ESEA program running as a bitcoin mining operation, which is already a bit suspect. You can find those details here thanks to PC Gamer.
ESEA also handled the situation as best as they can by following correct procedure and contacting the FBI, instead of simply giving into ransom requests.
The rumours are already starting to spread on reddit, and as you can guess, users are extremely annoyed, but as one user mentioned, “Not only accounts were hacked, there are also leaked serverside plugins and libraries they are using (binaries and configs only, not source code),” although this post was quickly deleted and not a trace of evidence was left on reddit.
Overall, this seems to be a common problem with the ESEA system as there are countless security breaches and problems, but, users will always come back for more games, because it is currently the leading PUG system around the world.
How to check if your data has been leaked
Simply head over to Leakedsource and enter your email address and make sure the search type is set to email. Otherwise, you can also search for your username.
Once that is done you can simply scroll to see all the vulnerabilities and leaks, you will be looking for one that says “Esea.net”
Users can also request that their data is removed from the system by doing submitting a removal request here.
Previously they were also hacked and had every player’s Karma rating changed to 1,337 which is pretty hilarious and scary at the same time. We also recommend that you change a few of your passwords and even look at creating a unique password for each service you use.
You can also find the full timeline and details released by ESEA here.