A list of 2,000+ industry professionals' personal data was left online by the ESA

This story is a wild (although not necessarily shocking) bit of incompetence by the ESA. More than 2,000 industry professionals had their personal contact data available on the ESA's website.

https://www.engadget.com/amp/2019/08/03/e3-data-breach-media/?guccounter=1&__twitter_impression=true

Yeah this shit is awful both on ESA part, and for potential harassment problems. The target on journalists in the game industry continuously is just trash, and it just keeps evolving and changing due to issues like this. It's just ugh. Hopefully those effected by this can protect themselves as best possible.

Consequences for future E3/ESRA?

I bet this kills E3. People were already pulling out left and right this year. Who is going to want to trust the EA with their information after this?

Some ol' bullshit right here. Hopefully nothing comes of it because that would make the whole situation infinitely worse.

Sounds like class action lawsuit material.

Awful, and terrible decision on that ”journalists” part to publish their video on the story before the info had been completely taken down from the site.

Jesus, what a shitshow. Hopefully most people used their work address and phone.

@farleyslundgren: Yeah. When you get into the greater context of who that person works for, the way this was revealed starts to look pretty fucked up.

Lawsuit.

A new challenger for Hottest Mess or Dampest Squib.

I assume this includes European journalists? Looks like the ESA is about to get very familiar with the GDPR.

This is déjà vu in ironic fashion.

Allow me to first inform you of a Swedish agency, and what it does.

Vårdguiden 1177 is a Swedish service providing healthcare by telephone.

Last year it was uncovered that millions of recorded telephone calls were stored on an open, unprotected server as separate audio files. Clear as daylight if you had the address, you had access to incredibly sensitive personal data from a sizeable portion of the Swedish populace. Ostensibly every call that's been made to the medical advisory since 2013 was there. Needless to say it was a scandal of epic proportions.

@rahf: Jesus, that's terrible. Does the Swedish public have any recourse, via national laws or the GDPR, that would allow them to seek compensation for that?

@rahf: I can understand them maybe getting hacked but the fact that both of these were just publicly available hurts any chance of goodwill ever. Both situations detailed just eat at me something fierce.

@bladeofcreation: Look man, what did you want her to do? Email everyone on the list to let them know they need to alert the ESA on mass? Do you know how long it would take to email 2000+ people when all you have is a spreadsheet of their email addresses??

@jesus_phish: agreed. It’s not her job to inform the affected parties. That’s the ESA’s to own up to and resolve this matter in a timely and effective manner. Unfortunately, that level of idealism just doesn’t exist here.

@jesus_phish:About 15 minutes? (https://developers.google.com/apps-script/articles/sending_emails)

I am not trying to divert responsibility from ESA for a mayor (and suable) screw-up, or blame the victims here, but the really responsible thing for both parties would be to give a heads up to the people involved and wait a reasonable amount of time before divulging a security vulnerability wide open on youtube for attention.

@hermes: @danthepostman: I was being sarcastic in my post.

She should've alerted everyone and the lot of them pressured the ESA into shoring it up before reporting on it. It's come out now that the ESA apparently did something like this twice before (leaving docs in plaintext from 2004/2006) only nobody lit up the bat signal on them before it was resolved.

@jesus_phish: Sorry about that. Poe's law attacks again...

Really looking forward to some savage GDPR backlash to this at least.

Well damn, that's awful for those people. I'm also wondering if this will kill E3.

The ESA left the list up for over a month. The ESA was told it was up and did not respond..at all. A journalist then told the story of how ESA was being loose with data. There was no "wait until it could be removed" the damn list was up for OVER A MONTH and was thus archived on Wayback Machine .

The only villain in this story is the ESA. (Let's just put aside that once again Jason Schreier attacked another journalist for no reason...he messes up a lot...he can't help himself. But he is not important to this story, just a sideshow clown) The fact is the ESA messed up badly, a huge leak, they were told about ist and instead of responding in a reasonable time (that in my mind being less than a few hours) they just ignored the issue until it blew up.