A security flaw has publicly exposed what was supposed to be password-protected contact info for many of the journalists who cover E3, the world’s largest video game conference. A report says more than 2,000 people have been affected, including not just members of the news media but also YouTube and Twitch streamers and other web personalities, and workers at Goldman-Sachs, IMDb and other companies.
The group behind E3, the Entertainment Software Association, sent alert emails Saturday to reporters who’d registered for press credentials for the event, which this year took place at the Los Angeles Convention Center in June.
“We provide ESA members and exhibitors a media list on a password-protected exhibitor site so they can invite you to E3 press events, connect with you for interviews, and let you know what they are showcasing,” says the email to journalists. “For more than 20 years there has never been an issue.”
There’s been one now, though — the ESA says it was informed Friday of a flaw on the exhibitor site that led to the list being made public. It says it immediately shut down that site.
YouTuber Sophia Narwitz, who reported the flaw earlier and noted that she’d contacted the ESA about it, said a spreadsheet with the contact list could be downloaded by clicking a link labeled “registered media list” on a page on the public E3 site. She said private addresses were included on the list and that anyone who attended E3 under press or content-creator credentials could be affected.
When asked for comment, the ESA said it regrets this occurrence and has put measures in place to make sure it won’t happen again.