- E3 apologized for leaking the names, phone numbers, email addresses, and home addresses of more than 2,000 YouTubers, journalists, and analysts who received press passes for the 2019 E3 conference.
- The data was temporarily accessible in a downloadable Excel sheet on the E3 website.
- Those who had their information leaked say they have fallen victim to prank texts and calls, with several reporting threats involving references to their homes.
- Some are calling for a class-action lawsuit, and lawyers say the severity of the threats could provide substantial grounds for a case against the Entertainment Software Association.
Data Leaked on E3 Website
The private information of 2,025 YouTubers, journalists, and Wall Street analysts was leaked after E3 posted a downloadable link with that data to its website.
The link was titled “Registered Media List” and could be found on the “Helpful Links” page. Information within it included names, phone numbers, email addresses, and even the home addresses of those who received press badges to attend this year’s June convention.
“[Entertainment Software Association] was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public,” the association said in a written statement released Saturday. “Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.”
Even after ESA deleted the “Helpful Links” page on Friday, anyone using a Google cached version of the page could have still accessed the confidential Excel spreadsheet. The original file has since been completely deleted, but a copy has already been distributed in online forums.
On Saturday, the ESA also began reaching out to those affected.
“We provide ESA members and exhibitors a media list on a password-protected exhibitor site so they can invite you to E3 press events, connect with you for interviews, and let you know what they are showcasing,” the ESA said in its message. “For more than 20 years there has never been an issue. When we found out, we took down the E3 exhibitor portal and ensured the media list was no longer available on the E3 website.”
As of Monday, visiting the page results in a 404 Error.
So far, the ESA has not commented on how the dox occurred.
YouTuber Sophia Narwitz first broke the story on Friday and claims to have reached out to the ESA within 30 minutes of learning of the leak.
“In an era of swatting and much worse, it is a colossal fuck-up that the ESA would mishandle data in this capacity,” Narwitz said in a YouTube video.
Several YouTubers said they have already fallen victim to spam calls and texts. Many worry that the leak — particularly of private addresses — could lead to more dangerous consequences.
A few journalists have indicated that they have personally received threatening emails with their home addresses or photos of their homes.
“That [the ESA] would put people at risk in this capacity is beyond my understanding,” Narwitz said.
Narwitz cited incidents involving a journalist’s assault by an Antifa group, mass shootings by individuals with far-right ideologies, and general toxic culture spurred by internet trolls.
Many have been critical of the ESA over the information breach.
Several gamers have even called for a class-action lawsuit against the ESA for leaking their private information, with many criticizing the ESA’s use of the phrase “website vulnerability” when the file was uploaded to the website rather than obtained through hacking.
Stephen McArthur, who uses the moniker “The Video Game Lawyer,” told Game Daily the ESA will “almost certainly” face a lawsuit by the end of August for failure to exercise reasonable care with the information.
Though lawyers have said the case could gain traction in court because of the threats journalists have experienced, attorney Sarah Wesley Wheaton said the ESA is not likely to lose a case involving password protection and lack of security.
“There has never been a successful case against a company for failing to impose strict enough login credentials and I assume similar reasoning will apply [here],” she told Game Daily. “While there weren’t any login credentials in ESA’s case, because the personal information seems mostly limited to names and addresses and did not include social security information or other embarrassing personal information, the lack of encrypted spreadsheets would likely not be considered unfair by the FTC.”
The ESA will need to report the dox to California Attorney General Xavier Becerra, who has the power to launch an investigation.
See what others are saying: (Business Insider) (PCMag) (Kotaku)
Schools Across the U.S. Cancel Classes Friday Over Unverified TikTok Threat
Officials in multiple states said they haven’t found any credible threats but are taking additional precautions out of an abundance of safety.
Schools in no fewer than 10 states either canceled classes or increased their police presence on Friday after a series of TikToks warned of imminent shooting and bombs threats.
Despite that, officials said they found little evidence to suggest the threats are credible. It’s possible no real threat was actually ever made as it’s unclear if the supposed threats originated on TikTok, another social media platform, or elsewhere.
“We handle even rumored threats with utmost seriousness, which is why we’re working with law enforcement to look into warnings about potential violence at schools even though we have not found evidence of such threats originating or spreading via TikTok,” TikTok’s Communications team tweeted Thursday afternoon.
Still, given the uptick of school shootings in the U.S. in recent years, many school districts across the country decided to respond to the rumors. According to The Verge, some districts in California, Minnesota, Missouri, and Texas shut down Friday.
“Based on law enforcement interviews, Little Falls Community Schools was specifically identified in a TikTok post related to this threat,” one school district in Minnesota said in a letter Thursday. “In conversations with local law enforcement, the origins of this threat remain unknown. Therefore, school throughout the district is canceled tomorrow, Friday, December 17.”
In Gilroy, California, one high school that closed its doors Friday said it would reschedule final exams that were expected to take place the same day to January.
According to the Associated Press, several other districts in Arizona, Connecticut, Illinois, Montana, New York, and Pennsylvania stationed more police officers at their schools Friday.
Viral Misinformation or Legitimate Warnings?
As The Verge notes, “The reports of threats on TikTok may be self-perpetuating.”
For example, many of the videos online may have been created in response to initial warnings as more people hopped onto the trend. Amid school cancellations, videos have continued to sprout up — many awash with both rumors and factual information.
“I’m scared off my ass, what do I do???” one TikTok user said in a now-deleted video, according to People.
“The post is vague and not directed at a specific school, and is circulating around school districts across the country,” Chicago Public Schools said in a letter, though it did not identify any specific post. “Please do not re-share any suspicious or concerning posts on social media.”
According to Dr. Amy Klinger, the director of programs for the nonprofit Educator’s School Safety Network, “This is not 2021 phenomenon.”
Instead, she told The Today Show that her network has been tracking school shooting threats since 2013, and she noted that in recent years, they’ve become more prominent on social media.
“It’s not just somebody in a classroom of 15 people hearing someone make a threat,” she said. “It’s 15,000 people on social media, because it gets passed around and it becomes larger and larger and larger.”
Jake Paul Says He “Can’t Get Cancelled” as a Boxer
The controversial YouTuber opened up about what it has been like to go from online fame to professional boxing.
The New Yorker Profiles Jake Paul
YouTuber and boxer Jake Paul talked about his career switch, reputation, and cancel culture in a profile published Monday in The New Yorker.
While Paul rose to fame as the Internet’s troublemaker, he now spends most of his time in the ring. He told the outlet that one difference between YouTube and boxing is that his often controversial reputation lends better to his new career.
“One thing that is great about being a fighter is, like, you can’t get cancelled,” Paul said. The profile noted that the sport often rewards and even encourages some degree of bad behavior.
“I’m not a saint,” Paul later continued. “I’m also not a bad guy, but I can very easily play the role.”
Paul also said the other difference between his time online and his time in boxing is the level of work. While he says he trains hard, he confessed that there was something more challenging about making regular YouTube content.
“Being an influencer was almost harder than being a boxer,” he told The New Yorker. “You wake up in the morning and you’re, like, Damn, I have to create fifteen minutes of amazing content, and I have twelve hours of sunlight.”
Jake Paul Vs. Tommy Fury
The New Yorker profile came just after it was announced over the weekend Paul will be fighting boxer Tommy Fury in an 8-round cruiserweight fight on Showtime in December.
“It’s time to kiss ur last name and ur family’s boxing legacy goodbye,” Paul tweeted. “DEC 18th I’m changing this wankers name to Tommy Fumbles and celebrating with Tom Brady.”
Both Paul and Fury are undefeated, according to ESPN. Like Paul, Fury has found fame outside of the sport. He has become a reality TV star in the U.K. after appearing on the hit show “Love Island.”
See what others are saying: (The New Yorker) (Dexerto) (ESPN)
Hackers Hit Twitch Again, This Time Replacing Backgrounds With Image of Jeff Bezos
The hack appears to be a form of trolling, though it’s possible that the infiltrators were able to uncover a security flaw while reviewing Twitch’s newly-leaked source code.
Hackers targeted Twitch for a second time this week, but rather than leaking sensitive information, the infiltrators chose to deface the platform on Friday by swapping multiple background images with a photo of former Amazon CEO Jeff Bezos.
According to those who saw the replaced images firsthand, the hack appears to have mostly — and possibly only — affected game directory headers. Though the incident appears to be nothing more than a surface-level prank, as Amazon owns Twitch, it could potentially signal greater security flaws.
For example, it’s possible the hackers could have used leaked internal security data from earlier this week to discover a network vulnerability and sneak into the platform.
The latest jab at the platforms came after Twitch assured its users it has seen “no indication” that their login credentials were stolen during the first hack. Still, concerns have remained regarding the potential for others to now spot cracks in Twitch’s security systems.
It’s also possible the Bezos hack resulted from what’s known as “cache poisoning,” which, in this case, would refer to a more limited form of hacking that allowed the infiltrators to manipulate similar images all at once. If true, the hackers likely would not have been able to access Twitch’s back end.
The photo changes only lasted several hours before being returned to their previous conditions.
First Twitch Hack
Despite suspicions and concerns, it’s unclear whether the Bezos hack is related to the major leak of Twitch’s internal data that was posted to 4chan on Wednesday.
That leak exposed Twitch’s full source code — including its security tools — as well as data on how much Twitch has individually paid every single streamer on the platform since August 2019.
It also revealed Amazon’s at least partially developed plans for a cloud-based gaming library, codenamed Vapor, which would directly compete with the massively popular library known as Steam.
Even though Twitch has said its login credentials appear to be secure, it announced Thursday that it has reset all stream keys “out of an abundance of caution.” Users are still being urged to change their passwords and update or implement two-factor authentication if they haven’t already.