E3 data breach leaks info for thousands of registered journalists

The ESA blamed a 'website vulnerability' for leaking the contact list.

Thanks to a staggering bit of negligence on the part of the organization that manages E3, the last and worst "leak" this year affects people from the media who covered the event. As pointed out on YouTube by Sophia Narwitz, a spreadsheet was available on the E3 website listing detailed contact information for over 2,000 journalists, content creators, analysts and others who applied for and received credentials to the event this year.

The list apparently existed so that videogame companies could reach news media and content creators they wanted to contact about coverage, but it's obviously not intended to become publicly available. In a statement, the ESA said "Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again."

That doesn't do much to help the people who are now at risk for targeted harassment, and, as VentureBeat points out, may cause an issue with Europe's GDPR. Narwitz noted that the list was pulled within hours of the ESA being notified, which was not soon enough to avoid people downloading and spreading the information.

ESA: