Following an incident that took place earlier this week, ESEA hereby issues an important security update for all users. Please read this carefully.
On Tuesday, 27 December, 2016 we were made aware of a security breach of the ESEA website database and the potential theft of certain user account information. It appears that the user data that might have been taken included usernames, emails, private messages, IPs, mobile phone numbers (for SMS messages), forum posts, hashed passwords, and hashed secret question answers. All ESEA user account passwords are using bcrypt, an industry best practice for securing passwords.
ESEA does not store any sensitive payment information (credit card, bank account, etc.), so any payments made on the ESEA website, or through third parties, have not been compromised. No ESEA Client and anti-cheat systems have been impacted in this incident. Neither the ESEA Client itself, nor data related to the ESEA Client, was accessed through this incident.
What are we doing to protect your account?
We are enforcing the following procedures with all accounts to make sure any compromised user data is no longer being used:
Security question reset
General recommendation: what can you as a user do to protect your account?
As a standard security best practice, we encourage users to consider the following measures:
Change your passwords and security questions/answers for any other accounts on which you used the same or similar information used for your ESEA account, and review any such accounts for any suspicious activity
Use passwords specific to each website you hold accounts at
Be cautious of any unsolicited communications that ask you for personal information or refer you to a website asking for personal information
We apologize that this incident has taken place. ESEA takes the security and integrity of customer details and information very seriously and we are doing everything in our power to investigate this incident, establish precisely what has been taken, and make changes to our systems to mitigate any further breaches.