You should probably be aware that details for over 1.5 million ESEA user accounts was leaked today from a hacker after he failed to extort $100,000 from the ESEA. The ESEA is a company that is mainly known for running a fairly popular Counter-Strike league.

The leak first showed up back on January 7, 2017 when LeakedSource said that they have added over 1.5 million ESEA records to their database. The confirmation came from the ESEA today along with a timeline of the events that dates back to December 27, 2016.
December 27 (first contact) - The threat actor contacted ESEA early Eastern Standard Time on December 27 through our bug bounty program to inform us that they had obtained access to user data and demanding a ransom payment of $100,000 to not release or sell the user data.December 28 - 29 - We identified the vector of the attack and started to isolate that system and patch the vulnerability. We continued to exchange emails with the threat actor through the bug bounty program, in order to confirm the identified vulnerability and mitigate the threat. In parallel, we engaged with external legal counsel and security resources to understand the scope of the attack and potential impact for users, and to develop a plan for notifying all stakeholders. Security and development teams combed through the codebase to isolate the attack vector and make additional security improvements in preparation for notifying the community.

December 30 - With the vulnerability identified and patched, we continued the process to notify the community of the incident and to require a password reset to re-secure individual account credentials. ESEA notified the authorities (the FBI) of the breach and continue our assistance with any on-going investigations.

December 31 - January 6 - We continued to work around the clock to strengthen our security. During this period we also received several more emails from the threat actor escalating threats and demands, but we focused on our on-going security efforts.

January 7January 8 - We continued to experience service downtime as security upgrades were made but with no system intrusions. The threat actor released the stolen data on LeakedSource and various media outlets reported the theft, extortion attempt and publication of the stolen customer data.

January 9 - We updated the external authorities (the FBI), responded to media and community enquiries and posted this update.

That page also includes a brief FAQ, including the reason why the ESEA did not pay the $100,000 that the hacker demanded.
We do not give in to ransom demands and paying any amount of money would not have provided any guarantees to our users as to what would happen with their stolen data. The most responsible course of action was to share the incident with the authorities and our community so each individual could take steps to secure their accounts. At the same time, we have worked around the clock to isolate the attack vector, patch the vulnerability and further upgrade our security program.

The information leaked includes: usernames, emails, private messages, Ips, mobile phone numbers, forum posts, hashed passwords, and hashed secret question answers." Payment information is not stored by the ESEA and is thus still secure.

However, it would still be a wise idea to change your password with the ESEA and any other site where you may have reused that password. Moving forward, I suggest that you use a unique password at every site you belong to. This is made easier by using something like KeePass, 1Password, or LastPass.