The Electronic Software Association (ESA) grants E3 press badges to thousands of journalists, content creators, and other industry experts each year. The ESA then compiles a list of attendee’s contact information and hands that out to companies. This data typically includes an attendee’s home or office address, phone number, and other relevant information. The companies will then invite attendees to various special events. The data is not meant to be shared with the public and is only intended to connect companies and industry experts.
Unfortunately the 2019 E3 contact list was not private. YouTube creator Sophia Narwitz discovered the security breach and noted that the ESA website contained a link to the full contact list. The website doxxed over 2,000 E3 press badge holders. The attendees included tech journalists, popular YouTube creators, and even employees from companies like Goldman-Sachs and Tencent.
Thankfully, most people did not know that this list was publically available. Narwitz contacted the ESA and they quickly took down the contact list. ESA told VentureBeat,
ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.
Many fear that this oversight could expose attendees to harassment or identity theft. Journalists and content creators are often the targets of intimidation. Most harassment typically occurs online, but this breach could literally bring harassers to one’s door. Event attendees are often also required to give information like birthdays. Leaks such as this one could aid in identity theft.
This security breach could also guarantee that fewer people attend future E3 events. This would hurt both the ESA and the industry as a whole. Let us hope that the ESA soon has answers and can explain how such a massive oversight occurred.