The ESA messed up

Post by felter » Mon, 5. Aug 19, 01:11

I don't know if you have heard about this, as it isn't actually being talked about. So what am I talking about? It turns out that the ESA, that's the Entertainment Software Association and not the European Space Agency, the guys behind E3. So it looks like they messed up, and I mean majorly messed up, a screw up beyond any kind of screw up that has come before. So it turns out if you wanted to go to E3 and you wanted a press card, you had to supply the ESA with some rather personal data: your full name, your address, your phone number, your email, you get the drift.

So what did they do with all of this data? By the way, this is the data of over 2000 journalists, YouTubers, content creators and influencers. Okay, what they did was they put it all up on their website in an unencrypted plain text spreadsheet. Not just that, they actually put a link to the document for anyone and everyone to download to view the contents. To make matters worse, they were first informed (as far as we know) about this document around a month ago, and when did they remove it? OH, about 3 days ago.

This is a monumental data breach, one that has probably never happened before. The hackers didn't even have to hack the system; all they had to do was click on a live link and hey presto, they had all the data ready for the reading.

I think the reason it's not being talked about too much is the lawyers have told them not to. As you can imagine, the ESA is in a massive world of legal crap right now. This is going to cost them a shed load of cash; I wouldn't be surprised if this ends up killing them off. If you have anything to do with the ESA I would say RUN, run away as fast as you can.

The ESA have said:
“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.”
They are actually calling it an accident. It wasn't an accident, it was incompetence, and as far as I know it was after they made that statement that it came out that it had been mentioned to them a month ago. So much for them immediately taking steps, a month is a pretty long time. Also it's not just America that it affects, as the likes of EU journalists like the BBC and the list was available to EU citizens so it breaks the GDPR rules, so they can expect some hefty fines from Europe too and I expect other parts of the world.

The ESA is not having a particularly good time of it right now.
Florida Man Makes Announcement.
We live in a crazy world where winter heating has become a luxury item.


Re: The ESA messed up

Post by red assassin » Mon, 5. Aug 19, 02:12

felter wrote:
Mon, 5. Aug 19, 01:11
This is a monumental data breach, one that has probably never happened before. The hackers didn't even have to hack the system; all they had to do was click on a live link and hey presto, they had all the data ready for the reading.
While this is a serious screwup, let's be real here - this sort of carelessness with personal data is par for the course and a regular occurrence, and the affected numbers here are tiny. Equifax lost similar data on hundreds of millions of people!
A still more glorious dawn awaits, not a sunrise, but a galaxy rise, a morning filled with 400 billion suns - the rising of the Milky Way


Re: The ESA messed up

Post by felter » Mon, 5. Aug 19, 03:08

Yeah but here is the but, Equifax may have lost many millions but they didn't just give them away in a free to download Excel file, not just that but to have a link directly to the file. The ESA just gave them away to whoever wanted them, that is the main issue here and which makes this a major issue. There was not any kind of security at all. There are reports of some of the reporters getting a lot of unsolicited phone calls and emails and not many of them are being nice. I do get that the Equifax hack was a major hack, but they didn't just hand all that data out, the hackers had to work to get it. To me it's not the amount of data that is the problem, it's how it happened and then it took them a month to remove it, they just left it sitting there on their website. Can you imagine what would have happened if Equifax had been informed that they had been compromised and they sat back and said, hey it's fine we'll get it next month? 2 thousand, 2 million, 200 million makes no difference, how it happened does.


Re: The ESA messed up

Post by pjknibbs » Mon, 5. Aug 19, 09:11

felter wrote:
Mon, 5. Aug 19, 03:08
To me it's not the amount of data that is the problem, it's how it happened
To me it's not the amount of data that's the problem, full stop. A security breach is a security breach, whether it affects 2000 users or two million.


Re: The ESA messed up

Post by felter » Mon, 5. Aug 19, 15:21

pjknibbs wrote:
Mon, 5. Aug 19, 09:11
felter wrote:
Mon, 5. Aug 19, 03:08
To me it's not the amount of data that is the problem, it's how it happened
To me it's not the amount of data that's the problem, full stop. A security breach is a security breach, whether it affects 2000 users or two million.
I agree 100% that the numbers do not matter, but here's the thing, this was not a security breach. The file was not encrypted, it was not hidden away, it wasn't even password protected or user protected, it was just a plain text file that they put up on their website with a link leading to it. I have no idea what the link was, I can imagine it was probably something like E3 press list or something along those lines. So there was no security and it wasn't a breach as they just gave the list away for free to anyone that wanted it, you just clicked on the link and hey the data was yours and that is why this is so serious. You just can't give out people's private and personal data to anyone and everyone that comes along but that is what they did.


Re: The ESA messed up

Post by red assassin » Mon, 5. Aug 19, 21:48

Accidental exposure happens all the time too. Here's somebody doing the same with 200 million US citizens: https://www.bbc.co.uk/news/technology-40331215
57 million: https://www.zdnet.com/article/elasticse ... -citizens/
340 million: https://www.wired.com/story/exactis-data-leak-fallout/

This blog keeps a monthly list of incidents worldwide, and the "Data Breaches" section is mostly accidental exposures (this is the most recent monthly post): https://www.itgovernance.co.uk/blog/lis ... -july-2019


Again, not that this isn't a serious incident, I just think that describing it as though it was something unusual is misleading. Your personal data is held in probably thousands of different places, and of those a pretty big chunk of them are really, really bad at taking even the most basic steps to protect it.