E-Sports Entertainment Association ( ESEA ) , one of the largest competitive video gaming communities on the planet , was hacked last December . As a result , a database containing 1.5 million player profiles was compromised . On Sunday , ESEA posted a message to Twitter , reminding players of the warning issued on December 30 , 2016 , three days after they were informed of the hack . Sunday ’ s message said the leak of player information Attack.Databreach was expected , but they ’ ve not confirmed if the leaked records Attack.Databreach came from their systems . Late Saturday evening , breach notification service LeakedSource announced the addition of 1,503,707 ESEA records to their database . When asked for additional information by Salted Hash , a LeakedSource spokesperson shared the database schema , as well as sample records pulled at random from the database . Learn about top security certifications : Who they 're for , what they cost , and which you need . However , in all , there are more than 90 fields associated with a given player record in the ESEA database . While the passwords are safe , the other data points in the leaked records could be used to construct a number of socially-based attacks , including Phishing Attack.Phishing . Players on Reddit have confirmed their information was discovered in the leaked data . A similar confirmation was made Twitch ’ s Jimmy Whisenhunt on Twitter . The LeakedSource spokesperson said that the ESEA hack was part of a ransom scheme Attack.Ransom , as the hacker responsible demanded Attack.Ransom $ 50,000 in payment Attack.Ransom . In exchange for meeting their demands , the hacker would keep silent about the ESEA hack and help the organization address the security flaw that made it possible . In their previous notification , ESEA said they learned about the incident Attack.Databreach on December 27 , but make no mention of any related extortion attempts Attack.Ransom . The organization reset passwords , multi-factor authentication tokens , and security questions as part of their recovery efforts . We ’ ve reached out to confirm the extortion attempt Attack.Ransom claims made by the hacker , as well as the total count for players affected by the data breach Attack.Databreach . In an emailed statement , a spokesperson for ESL Gaming ( parent company to Turtle Entertainment ) confirmed that the hacker did in fact attempt to extort money Attack.Ransom , but the sum demanded Attack.Ransom was `` substantially higher '' than the $ 50,000 previously mentioned . The company refused to give into the extortion demands Attack.Ransom , and went public with details before the hacker could publish anything . The statement also confirms the affected user count of 1.5 million , and stressed the point that ESEA passwords were hashed with bcrypt . When it comes to the profile fields , where more than 90 data points are listed , ESL Gaming says those are optional data points for profile settings . `` We take the security and integrity of customer details very seriously and we are doing everything in our power to investigate this incident , establish precisely what has been taken , and make changes to our systems to mitigate any further breaches . The authorities ( FBI ) were also informed and we will do everything possible to facilitate the investigation of this attack , '' the message from ESL Gaming concluded . `` Based on the proof provided to us by the threat actor of possession Attack.Databreach of the stolen data , we were able to identify the scope of the data that was accessed Attack.Databreach . While the primary concern and focus was on personal data , some of ESEA ’ s internal infrastructure including configuration settings of game server hardware specifications , as well as game server IPs was also accessible Attack.Databreach . Due to the ongoing investigation , we prioritized customer user data first , '' the statement explains . In the days that followed that initial contact , ESEA worked to secure their systems , and the hacker kept making demands . On January 7 , ESEA learned the hacker also exfiltrated Attack.Databreach intellectual property from the compromised servers

Over the weekend , a hacker known as TheDarkOverlord resurfaced and released the first episode of season five for `` Orange is the New Black '' a popular show on Netflix that is n't slated to air until June . A short time later , TheDarkOverlord released episodes 2 though 10 , along with a warning to other Hollywood studios – you 're next . The media jumped on the story . Netflix would n't confirm or deny the leaked Attack.Databreach episodes were legitimate , stating that proper law enforcement had been notified , and that a company used by several TV studios `` had its security compromised . '' The company in question , Larson Studios , does audio post-production work for a number of shows and films , including NCIS Los Angeles , Designated Survivor , and Arrested Development . According to Larson Studios , they 've done work for FOX , Netflix , ABC , NBC , IFC , Showtime , and more . As word of Netflix 's security problem started to spread , news outlets starting comparing the incident to the Sony Pictures hack and the medical hacks over the last few years . While there are some comparisons to be made , they 're not the same type of threat . Netflix did n't have a Ransomware incident , and neither did Larson Studios . Their files were stolen Attack.Databreach , not encrypted . Ransomware encrypts the files on a computer and renders them useless . Victims can recover the files if they pay a fee (ransom) Attack.Ransom , or they can try and recover the files from backups . According to TheDarkOverlord , Larson Studios was targeted because they were a post-production company . Late last year , TheDarkOverlord hacked Attack.Databreach Larson Studios and downloaded Attack.Databreach an unknown number of files . Plenty of reporters knew TheDarkOverlord had targeted Hollywood , but until this weekend there was never any proof . Fast forward a few months . When Larson Studios did n't comply with the extortion demands Attack.Ransom , TheDarkOverlord turned their attention to Netflix . When Netflix refused to pay Attack.Ransom , season five ( minus three episodes ) of `` Orange is the New Black '' was released for download . `` It did n't have to be this way , Netflix . You 're going to lose a lot more money in all of this than what our modest offer was . We 're quite ashamed to breathe the same air as you . We figured a pragmatic business such as yourselves would see and understand the benefits of cooperating with a reasonable and merciful entity like ourselves , '' TheDarkOverlord wrote in a statement . Netflix surpassed $ 2.5 billion in quarterly streaming revenue in Q1 2017 , and added five million members to their subscriber base . While having one of their popular series leaked Attack.Databreach to the web is n't exactly helpful , it is n't clear if there will be any financial impact from this incident . Once again , extortion and Ransomware are two separate things . Netflix and Larson Studios are (were) being extorted Attack.Ransom , they were not infected with Ransomware and have complete access Attack.Databreach to their files . However , there is a lesson to be learned . Third-parties are always going to pose a risk to any organization , and this is certainly the case in Hollywood where secrecy and suspense are key to their business model .