Personal information of more than 1.5m Counter-Strike players has been published online after a hacker's demands were rebuffed.
Data including usernames, emails, private messages, IPs, mobile phone numbers, forum posts, hashed passwords, and hashed secret question answers was obtained from the E-Sports Entertainment Association (ESEA) Counter-Strike community in December, and published over the weekend after the ESEA refused a demand for US$100,000.
"The security breach that we were made aware of on December 27, 2016 resulted in the theft of user data by a threat actor," the ESEA wrote yesterday in a post detailing the attack.
"This threat actor demanded a ransom payment and threatened to sell or publish the customer data. We do not give into extortion and ransom demands and we take the security of customers’ data very seriously."
The FBI is now investigating, but the ESEA is recommending that all its users change passwords and security questions/answers on any online accounts that feature similar information as their ESEA account, and review any accounts for any suspicious activity.
"We apologize that this theft has taken place," the company wrote.
"ESEA takes the security and integrity of customer details and information very seriously and we are doing everything in our power to investigate this attack and attempted extortion and are making changes to our systems to mitigate any potential further breaches."
Founded in 2003, the ESEA is one of the longest-running esports associations in existence.