Skip to main content

E3 organizer says it’s tightened security after accidentally doxxing thousands of attendees

E3 organizer says it’s tightened security after accidentally doxxing thousands of attendees


Earning back trust and support is a ‘top priority’

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

E3 stock

The Electronic Software Association is introducing tighter security measures around press registration for E3, one of the world’s largest video game conferences. This move follows an incident last year in which sensitive personal information belonging to thousands of journalists, YouTube creators, and Twitch streamers was made public. A new blog post published today details updates to the conference and its “media registration process,” which the company says “received a lot of attention this past summer.”

“Earning back your trust and support is our top priority,” the post reads. “That’s why we rebuilt the E3 website with enhanced and layered security measures developed by an outside cybersecurity firm. This included updating our data management processes, including the handling of personally identifiable information, and we will no longer store that data on our site.”

“Earning back your trust and support is our top priority.”

Changes to the registration process will also occur this year. The ESA will “collect the minimum information necessary” for attendees registering. The post doesn’t state what those specific changes are.

Last year’s leak, which involved an unprotected file uploaded online and available for anyone to download, led to personal information like home addresses and phone numbers appearing on hateful forums like Kiwi Farms. After data leaked, multiple journalists — including staff members of The Verge — received texts and phone calls from complete strangers. YouTuber Sophia Narwitz was the first person to spot the vulnerability, and noted people could find the list simply by clicking on a button on the ESA’s website. The ESA confirmed that a website vulnerability led to a contact form for registered media being made widely available.

The ESA faced a wave of criticism following the vulnerability from people inside the gaming space for its poor response to the situation. The ESA issued a statement acknowledging it regretted “this occurrence and have put measures in place to ensure it will not occur again.”

E3 is one of the biggest annual gaming conventions, and a big part of the draw for companies like Sony and Microsoft is being able to meet with journalists, YouTubers, and streamers. Fixing the vulnerability issue is key to ensuring companies and attending media that sharing their information with the ESA won’t end up in the wrong hands.