A list of 2,000+ industry professionals' personal data was left online by the ESA

#1 Posted by BladeOfCreation (1405 posts) -

This story is a wild (although not necessarily shocking) bit of incompetence by the ESA. More than 2,000 industry professionals had their personal contact data available on the ESA's website.

https://www.engadget.com/amp/2019/08/03/e3-data-breach-media/?guccounter=1&__twitter_impression=true

#2 Posted by devise22 (745 posts) -

Yeah this shit is awful both on ESA's part, and for potential harassment problems. The target on journalists in the game industry continuously is just trash, and it just keeps evolving and changing due to issues like this. It's just ugh. Hopefully those affected by this can protect themselves as best possible.

Consequences for future E3/ESRA?

#3 Posted by Demoskinos (17460 posts) -

I bet this kills E3. People were already pulling out left and right this year. Who is going to want to trust the EA with their information after this?

#4 Posted by Cure_Optimism (86 posts) -

Some ol' bullshit right here. Hopefully nothing comes of it because that would make the whole situation infinitely worse.

#5 Posted by wollywoo (305 posts) -

Sounds like class action lawsuit material.

#6 Edited by deactivated-5d5f33a6b34f9 (210 posts) -

Awful, and terrible decision on that "journalist's" part to publish their video on the story before the info had been completely taken down from the site.

#7 Posted by conmulligan (1950 posts) -

Jesus, what a shitshow. Hopefully most people used their work address and phone.

#8 Posted by BladeOfCreation (1405 posts) -

@farleyslundgren: Yeah. When you get into the greater context of who that person works for, the way this was revealed starts to look pretty fucked up.

#9 Posted by fasterblaster (16 posts) -

Lawsuit.

#10 Posted by Shindig (4965 posts) -

A new challenger for Hottest Mess or Dampest Squib.

#11 Edited by Creepin_Jeezus (1 posts) -

I assume this includes European journalists? Looks like the ESA is about to get very familiar with the GDPR.

#12 Edited by Rahf (534 posts) -

This is déjà vu in ironic fashion.

Allow me to first inform you of a Swedish agency, and what it does.

Vårdguiden 1177 is a Swedish service providing healthcare by telephone.

Last year it was uncovered that millions of recorded telephone calls were stored on an open, unprotected server as separate audio files. Clear as daylight if you had the address, you had access to incredibly sensitive personal data from a sizeable portion of the Swedish populace. Ostensibly every call that's been made to the medical advisory since 2013 was there. Needless to say it was a scandal of epic proportions.

#13 Posted by BladeOfCreation (1405 posts) -

@rahf: Jesus, that's terrible. Does the Swedish public have any recourse, via national laws or the GDPR, that would allow them to seek compensation for that?

#14 Posted by DanThePostman (19 posts) -

@rahf: I can understand them maybe getting hacked but the fact that both of these were just publicly available hurts any chance of goodwill ever. Both situations detailed just eat at me something fierce.

#15 Posted by Jesus_Phish (3902 posts) -

@bladeofcreation: Look man, what did you want her to do? Email everyone on the list to let them know they need to alert the ESA en masse? Do you know how long it would take to email 2000+ people when all you have is a spreadsheet of their email addresses??

#16 Posted by DanThePostman (19 posts) -

@jesus_phish: agreed. It’s not her job to inform the affected parties. That’s the ESA’s to own up to and resolve this matter in a timely and effective manner. Unfortunately, that level of idealism just doesn’t exist here.

#17 Posted by hermes (2630 posts) -

@jesus_phish: About 15 minutes? (https://developers.google.com/apps-script/articles/sending_emails)

I am not trying to divert responsibility from ESA for a major (and suable) screw-up, or blame the victims here, but the really responsible thing for both parties would be to give a heads up to the people involved and wait a reasonable amount of time before divulging a security vulnerability wide open on YouTube for attention.

#18 Posted by dudeglove (13782 posts) -

If I were more conspiratorial I'd argue that the ESA did it deliberately as a way to nuke E3 altogether but it's far more likely to be wholesale incompetence.

I look forward to the class action lawsuit by the combined forces of every single industry professional.

#19 Posted by Jesus_Phish (3902 posts) -

@hermes: @danthepostman: I was being sarcastic in my post.

She should've alerted everyone and the lot of them pressured the ESA into shoring it up before reporting on it. It's come out now that the ESA apparently did something like this twice before (leaving docs in plaintext from 2004/2006) only nobody lit up the bat signal on them before it was resolved.

#20 Posted by hermes (2630 posts) -
#21 Posted by someoneproud (631 posts) -

Really looking forward to some savage GDPR backlash to this at least.

#22 Posted by Casepb (756 posts) -

Well damn, that's awful for those people. I'm also wondering if this will kill E3.

#23 Posted by MonkeyKing1969 (7656 posts) -

The ESA left the list up for over a month. The ESA was told it was up and did not respond... at all. A journalist then told the story of how ESA was being loose with data. There was no "wait until it could be removed"; the damn list was up for OVER A MONTH and was thus archived on Wayback Machine.

The only villain in this story is the ESA. (Let's just put aside that once again Jason Schreier attacked another journalist for no reason... he messes up a lot... he can't help himself. But he is not important to this story, just a sideshow clown.) The fact is the ESA messed up badly, a huge leak, they were told about it and instead of responding in a reasonable time (that in my mind being less than a few hours) they just ignored the issue until it blew up.