E3 organiser the Entertainment Software Association (ESA) has unintentionally published the names, home addresses and phone numbers of more than 2,000 journalists who have attended E3 2019.
These details, which have now been removed, appeared in a spreadsheet that was hosted on E3’s website – anyone with the link could access it (and download it) until Friday evening (thanks Video Games Chronicle).
VentureBeat reported that it wasn’t only journalists whose details were leaked, but also “YouTube creators, Wall Street financial analysts at firms like Wedbush and Goldman Sachs, and Tencent employees.”
Since then, the ESA has apologised in a statement sent to those affected, saying: “The Entertainment Software Association (ESA) was made aware yesterday of a website vulnerability on the exhibitor portal section of the E3 website. Unfortunately, a vulnerability was exploited and that list became public. We regret this happened and are sorry.
“We provide ESA members and exhibitors a media list on a password-protected exhibitor site so they can invite you to E3 press events, connect with you for interviews, and let you know what they are showcasing. For more than 20 years there has never been an issue. When we found out, we took down the E3 exhibitor portal and ensured the media list was no longer available on the E3 website.
“Again, we apologize for the inconvenience and have already taken steps to ensure this will not happen again.”
As VentureBeat pointed out, this leak could be considered a GDPR violation, with the maximum fine for this being €20m. YouTuber Sophia Narwitz was the first one to alert people of the existence of the spreadsheet.