United States video games trade body the Entertainment Software Association is in hot water again after it emerged that contact info for registered media was available on the E3 website.
As originally reported by journalist Sophia Narwitz in a YouTube video, a speadsheet containing the contact information of over 2,000 members of the press, content creators and industry analysts - including personal addresses - was available unprotected.
Narwitz has come under fire for how she handled the story, with the journalist telling Kotaku that she tried to make sure that the list was not available by the time she released her video. Evidently, the spreadsheet was still available. Narwitz says that the spreadsheet was already in wide circulation and was set to be published anyways.
How long this spreadsheet had been available for is unclear, but it does seem that it isn't the final manifest of journalists and creators attending E3 2019, given that the names of several members of the press who signed up late in the day are missing.
There is already talk of lawsuits among those whose information has been leaked, while the ESA is also open to fines due to EU GDPR regulations - the maximum fine for which is €20m ($22.2m) or four per cent of global turnover, whichever is bigger.
According to Kotaku, members of the press are already receiving prank calls, while a journalist in the UK has already been sent an email with their address and a threat.
"ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public," the trade body said in an initial statement.
"Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again."
In a later statement, the ESA apologised for, er, "the inconvenience" caused by this leak.
"The Entertainment Software Association (ESA) was made aware yesterday of a website vulnerability on the exhibitor portal section of the E3 website. Unfortunately, a vulnerability was exploited and that list became public. We regret this happened and are sorry," the trade body said.
"We provide ESA members and exhibitors a media list on a password-protected exhibitor site so they can invite you to E3 press events, connect with you for interviews, and let you know what they are showcasing. For more than 20 years there has never been an issue. When we found out, we took down the E3 exhibitor portal and ensured the media list was no longer available on the E3 website.
"Again, we apologise for the inconvenience and have already taken steps to ensure this will not happen again."