Let’s say it right away: E3 is known for unfortunate security breaches. Generally, such breaches result simply in hackers revealing games ahead of the companies that made them. This year, the ESA, the organization in charge of E3’s management, messed up in a way not even Keanu Reeves will be able to save them from. A massive security breach just released the data, not of games, but of thousands of industry professionals.
How did this happen?
The E3 website contained a list that contained information of over 2,000 professionals attending. Not just journalists. There were YouTubers, small content creators and analysts.
The purpose of the list was to allow for gaming companies to contact journalists and content creators directly for coverage. The list was naturally private.
It did not stay private.
ESA blames the leak on a website weakness, naturally right, and says they took it down as soon as they found out.
ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again.
That’s not good enough. It only takes one person with malicious intent to get a hold of it. Hackers and other Internet trolls are already spreading the contents of the list.
The release of personal information opens the gate for all sorts of mass targeted harassment. Gamers are unfortunately very good at doing just that. The twitter user @ScraftyDevil wrote that journalists are receiving death threats after the leak:
Another serious problem the E3 breach could run into is Europe’s GDPR policy. Europe’s GDPR, responsible for data regulation and protection, might take action due to the high profile leak. GDPR is tough, and its fines can go up to €20,000,000. This could put the next year’s E3 at risk.