If you are a member of the press, content creator, analyst, investor or similar and have registered to obtain your credential to participate in the E3 2019, know that there is a great possibility that your data may be available on the web right now.
And the exposure of this information seems almost amateurish, demonstrating innocence and even a little negligence on the part of the organization. ESA (entertainment software association) by making available an Excel spreadsheet containing the data of more than two thousand people who requested credentials to cover the event this year. This information was accessible until yesterday (02/08) through a spreadsheet in the section “Helpful Links”. The purpose of the spreadsheet was to allow game companies, developers and others to access this information to facilitate contact with journalists, youtubers and others who participated in the event.
And such ease to access such a spreadsheet in question is not justified, since the organization could at least make it available in an area that only the companies in question had access to or perhaps protect the file with a password, which would be the minimum protection to offer in cases like this.
Many of the data there can even be considered public, such as e-mails and business addresses, but the same spreadsheet also contains home addresses and cell phone numbers, among other data that belong to people who work in the press or independently, covering these types of events. . And there have been reports of unwanted calls and other situations involving people who had their names and data exposed there.
The alert was made by content creator Sophia Narwitz who contacted ESA to warn about the problem.
The organization, in turn, took the page down as soon as Sophia got in touch in addition to claiming that the spreadsheet was exposed “Due to a website vulnerability”, which in my view and as I have already written, it seems more with neglect and a certain negligence.
“ESA was informed about the vulnerability of the website related to the list of registered journalists’ contacts for E3 going public. Once notified, we act immediately in order to protect this data and take the page down, it is no longer available. We regret what happened and will take the necessary measures to ensure that this does not happen again ”
In addition to the possibility of the organization being subject to possible lawsuits, this data exposure also affects European journalists who are protected under the new data protection regulations. This new regulation requires the adequate protection of data such as those available in this spreadsheet and the breach by failing to guarantee this protection can generate a fine of up to 20 million euros to ESA.
I had access to the spreadsheet without much difficulty and from what I verified, there are data from at least 76 Brazilians linked to the media and various communication channels (residents in Brazil), and if you have covered or participated in E3 2019 using a credential of press or similar, I recommend that you contact ESA for more information and clarification.