Over 1.5 million user profiles featuring names, email addresses and personal IDs from the eSports Entertainment Association (Esea), a leading competitive videogame community, have been leaked online after being hijacked by hackers in late December last year.
In a statement posted online on Sunday (8 January 2017), the Esea issued an update to a previous security warning made on 30 December. It said the leak of user profiles was "expected" however provided little other insight into the true scope of the hack.
"We have been working around the clock to further fortify security and will bring our website online shortly when that next round is complete," the statement read.
A day earlier, a well-known breach notification website called LeakedSource claimed to have obtained a total of 1,503,707 Esea user records. It claimed the hack only emerged after the website's administrators failed to pay a ransom demand of $50,000 (£41,100).
CSO Online was provided with a sample of the records, which reportedly included usernames, email addresses, hashed passwords, dates of birth, phone numbers and ID names for popular gaming services including Steam, Xbox and the PlayStation Network (PSN).
Esea, which says it has "reached out" to the FBI to help probe the data breach, said in a user FAQ that it first learned about the incident on 27 December 2016.
"Change your passwords and security questions/answers for any other accounts on which you used the same or similar information used for your Esea account, and review any such accounts for any suspicious activity," the security advisory advises.
"Following this event we will be moving forward with an even more enhanced and robust security system," it added. "Although no system may ever be 100% secure, we hope our community will trust us that we are taking all the appropriate measures to ensure their data is as safe as possible."
Esea stated that, in light of the leak, it successfully worked to identify the source of the vulnerability and has taken the appropriate measures to patch it. Meanwhile, users have taken to social media and Reddit to complain about their details being leaked online.
In May 2013, Esea was mired in a separate scandal, hit with legal action after a rogue employee was caught enslaving users' computers – via its software downloads - to mine Bitcoin. The website admins were forced to cough up a $325,000 settlement payout after found to be in violation of the US Consumer Fraud Act.