The Entertainment Software Association (ESA) inadvertently exposed sensitive data on more than 2,000 journalists and analysts that provided their information for the Electronic Entertainment Expo trade show. A spreadsheet that the ESA hands out to its member companies contained the name, phone number, home address, and more of potential attendees for its events. The list reportedly contained info for games journalists, streamers, YouTube creators, Wall Street financial analysts, investors, and Tencent employees.
The list exists so that publishers and developers can invite analysts and media to events and private viewings that take place during the E3 show. Unfortunately, it was made accessible to anyone who clicked on a button on the ESA website. It is not clear how many other people were able to download it. A review of the “Helpful Links” page on the E3 website, which pointed to this spreadsheet, shows that it has been taken down and now returns a 404 error.
The organization initially provided the following statement: “ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again.”
A subsequent statement from the company explained, “We provide ESA members and exhibitors a media list on a password-protected exhibitor site so they can invite you to E3 press events, connect with you for interviews, and let you know what they are showcasing. For more than 20 years there has never been an issue. When we found out, we took down the E3 exhibitor portal and ensured the media list was no longer available on the E3 website.” It concluded, “Again, we apologize for the inconvenience and have already taken steps to ensure this will not happen again.”