Gaming Expo E3 Exposes Personal Data of Over 2000 Journalists on its Website

  • The exposed data included names, phone numbers and house addresses of over 2000 journalists and content creators.
  • The data was exposed through a spreadsheet that could be downloaded from a link on the E3 website.

Electronic Entertainment Expo, popularly known as E3, exposed the personal information of more than 2000 journalists and content creators on its website. According to Sophia Narwitz, who discovered this breach incident, the details were stored in a spreadsheet that was downloadable through a link on the E3 website.

The trade event is very well-known for showcasing the latest computer products and video games from around the world. E3 was held from June 11 to June 13 in Los Angeles this year.

The big picture

  • Narwitz came across a link called “Registered Media List” on the E3 website. Upon clicking, it downloaded a spreadsheet.
  • The spreadsheet contained the names, phone numbers and house addresses of over 2000 journalists and content creators.
  • Narwitz said that the incident impacted journalists from various media organizations as well as YouTube and Twitch users.
  • The link was removed from the site after Narwitz contacted the Entertainment Software Association (ESA), who is the organizer of the E3 expo.
  • Narwiz documented the E3 data breach incident in a YouTube video.

ESA cites website vulnerability

In a statement to Kotaku, a video game blog, ESA told that the incident was due to a website flaw.

“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again,” said ESA.