E3 Accidentally Doxxed Over 2,000 Journalists, YouTubers, and Streamers (buzzfeednews.com) 45
The Entertainment Software Association, which runs the E3 video game expo, accidentally made phone numbers, emails, names, and addresses of over 2,000 attendees public on their website. "A copy of the list was archived on several popular message boards for trolls, and includes the home addresses of many reporters," reports BuzzFeed News. From the report: The leaked list was discovered by journalist and YouTube creator Sophia Narwitz. Narwitz made a video about the database, titled "The Entertainment Software Association just doxxed over 2000 journalists and content creators," last week. Narwitz told BuzzFeed News that some members of the media criticized her following her video, accusing her of drawing attention to the list. Making Narwitz's role in this more complicated is her history with the pro-GamerGate subreddit, r/KotakuInAction. She's currently arguing publicly with members of the gaming site Kotaku. Based on screenshots Narwitz tweeted, however, she did attempt to notify ESA about the leak before making her video about it. "I think this whole event shows a stunning level of incompetence on the ESA's part. The file wasn't password protected, it was just in the open for anyone to download with a single click," she said. Harassment against those included on the list appears to have already begun. "ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public," the ESA wrote in a statement provided to Kotaku. "Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again."
Fake News (Score:5, Informative)
The leaked list was discovered by journalist and YouTube creator Sophia Narwitz
No, it wasn't. It was known about in February. It was distributed and discussed by people quietly up until Sophia Narwitz made a popular video about it.
Then clowns at Kotaku, etc. attacked Sophia Narwitz as if she had caused the problem.
Re:Fake News (Score:5, Informative)
Making Narwitz's role in this more complicated is her history with the pro-GamerGate subreddit, r/KotakuInAction.
Again, no. That simplifies it. Kotaku, et. al. are attacking her because she is (rightfully) critical of their bullshit.
Re:Fake News (Score:5, Informative)
"ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public," the ESA wrote in a statement provided to Kotaku. "Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again."
Bull. Shit.
The ESA was made aware of the fact that the file was available publicly because Sophia Narwitz herself did the journalistic legwork to notify them, ask them for comment, and give them a chance to fix it before she released her story.
She knew of it, and was writing the story based on it, because others who knew about it had tipper her off to it. It was not a secret she exposed.
She waited until the page with the link to the file returned an HTTP 404 status code before releasing her video. However, there was no "vulnerability" that the ESA fixed. They simply removed the page that linked to the file. And they didn't even remove the file itself. After the "fix", if you went directly to the file's URL (as opposed to the page linking to it), the file was still delivered to your browses. It took a second "fix" following the initial public stink for the ESA to actually pull the file from the site.
The file itself existed for one reason - for publishers to be able to contact game media "journalists" and YouTube / social media "influencers" in order to pursue deals for advertising and shilling their games.
The result of all this? E3 is dead.
Re: (Score:1)
(Should have hired me instead, fuckers!!!)
Re: (Score:1)
The result of all this? E3 is dead.
Bullshit. E3 isn't dead. E3 serves a somewhat weird purpose these days, as quite a lot of E3 is now done via streamed keynotes that technically are just E3-adjacent, but nothing has replaced E3 yet. It still serves its original purpose of connecting devs with journalists and now influencers, along with a new purpose of providing a single time of year when developers can release trailers and convince people to essentially watch ads. It's kind of like the Apple keynotes - they're just ads for their crappy pro
Re: (Score:3)
Nintendo does do conferences anymore, they put up a video on YouTube and just live stream developer interviews.
Sony didn't even show up this year.
The most entertaining thing to come out of E3 is Devolver Digital's insanity. The most informative thing to come out of E3 is all the leaks beforehand. There's no news - everything the press or the YouTubers give us is manufactured, focus-tested garbage.
Both Sony and MS have new consoles coming out within the next 16 months most likely. They'll both want to hav
Collection of Data (Score:4, Insightful)
Here is an idea: How about we all just stop collecting all this data.
Seriously. You paid your money or got a comp. You got a name, you get in. Some other twat gets in with your name? Guess they should have sent you a little code...like an airline reservation number. No PII required. I hate all these stupid cyber events and stuff that want to scan my attendee ID and then spend the rest of eternity emailing me and sending me spam. Seriously....I went....I saw....I talked.... If I'm interested I'll find you.
Re:Collection of Data (Score:4, Informative)
The data was collected so it could be distributed. But it's supposed to be distributed to publishers so they can work the media and influence the "influencers".
How do you think those YouTubers end up with exclusive access to betas sand stuff? Do you think they're doing an unboxing video of a totally unexpected package that just happens to be the super duper collector's edition of the next big game? Even if the package truly was unexpected and had no strings (officially) attached, how do you think they knew where to deliver it?
Re: (Score:2)
GDPR creates a legal requirement to minimize data collection, and when stuff like this happens the fact that you didn't is used to increase the fine. Companies are slowly learning that expensive lesson.
Re: (Score:2)
You're talking about ending a significant source of revenue. Unless you can come up with a way to force them to stop, it's not going to happen.
Re: (Score:2)
Someone that makes their living streaming games online will be working from home. Sharing their home address, email address and other contact details violates GDPR amongst other things.
Their name may not even be public information. Their online identity is their brand, not their real name.
Bloggers working for Kotaku and the like tend to dox themselves anyway, because they just wont shut the fuck up on social media. They can however use their employer's address and contact details so this leak is indeed less
Does the ESA not know how the internet works? (Score:4, Insightful)
"we immediately took steps to protect that data"
Oh, so they went around to anyone who may have the copied the list and deleted it off their computers? Taking steps to protect data is only something that can be done before the data is out.
Don't Shoot the Messenger (Score:2)
"The Entertainment Software Association just doxxed over 2000 journalists and content creators," last week. Narwitz told BuzzFeed News that some members of the media criticized her following her video, accusing her of drawing attention to the list.
Umm attention needs to be drawn to incidents like this. It is irresponsible to do otherwise.
Fix your shit people. If someone performed some meltdown or specter shit on your data then ok, i might understand a little bit.
But a folder sitting out in the open with
except... (Score:4, Insightful)
...doxxing is the DELIBERATE exposure of this information.
This is clearly an accident, so using the word doxxing is deliberately misleading, in the same sense someone who had a car accident that killed someone would be accused of "murdering" that person.
Re: (Score:2)
Re: (Score:3)
Accidental? The file was not password protected and was put on a public website with a direct link under a useful tools category. The company was notified of it in February and did nothing to take it down. Seems a pretty fucking deliberate exposure of personal information to me.
Re: (Score:1)
Yeah, I guess the lawyers will have a field day with this.
Simpler (Score:2)
Making Narwitz's role in this more complicated is her history with the pro-GamerGate subreddit, r/KotakuInAction.
Oh dear, she stays informed about corrupt, scumbag journalists. To the contrary, I'd say that made things simpler, since she knew to keep the receipts handy in case they tried to smear her (which they did) instead of crediting her for her work.
Or does Buzzfeed mean that makes it more complicated for them? Tough shit, then.