The full list includes personal information for journalists, editors, and content creators.
Click image for larger version  Name:	ESA_logo.png Views:	1 Size:	285.5 KB ID:	3496652

The E3 website was home to an open secret for who knows how long now. On the site was a spreadsheet that contained the contact information, phone numbers, and personal addresses for over 2,000 game journalists, editors, and even some content creators. This spreadsheet, and all of the information it included, was publically accessible on the official E3 Expo site.

E3 is run and operated by the Entertainment Software Association or ESA for short. Since being made aware of the publicly accessible spreadsheet, they have since removed the working link to the file in addition to removing the file itself. However, as this is the Internet, the information was already copied in full and has since started to be spread around various forums.

Though some journalists did use their work address and work phone numbers, a number of event goers that do not have that luxury instead used their home addresses and personal cell phone numbers. This information has now been made public. As you may have already guessed, this has already led to a number of journalists receiving random text messages, calls, and even threats. Given how certain elements from the GamerGate harassment campaign are still very much alive and well, you can probably see why this sort of information being made public could potentially be a very, very dangerous thing.

The existence of this list was first shared by Sophia Narwitz and made public in a video posted to her YouTube channel just this yesterday (Friday, August 2). Narwitz herself was actually made aware of the file's existence after being sent an anonymous email telling her about it. In her video, Narwitz shows that the file was just one simple click away on the E3 site. There was a "Helpful Links" page that included a link called "Registered Media List." Clicking on it gave you access to names, addresses, phone numbers, and the publications for over 2,000 press members that attended E3 2019.

The information was not encrypted in any way. The spreadsheet was not even so much as locked behind a password.


Narwitz says that before she even considered making the story public, she had contacted the ESA via a phone call within 30 minutes of her discovery. She also "shot off an email not too long after" as she was "worried that (the phone call) might not be enough." She also reached out to a number of journalists to make them aware of the issue. One of the contacted journalists also reached out to the ESA about this spreadsheet being on their site. Shortly thereafter, the link was removed from the site. There is word circulating that the ESA was alerted to the easily accessible file well over a month prior and nothing was done about it. It has also been noted that the spreadsheet may have been available on the site since right around the time of this year's E3, which began on June 11, 2019.

After seeing that the link was removed, Narwitz claims that she felt it was safe to share her video with the world*. It was her belief that the file was gone from the site and no longer accessible since the link was removed. Unfortunately, that was not the case. While the ESA removed the clickable link from the Helpful Links page, the file itself still existed. The ESA never actually removed it from their site. This meant that anybody that knew the direct link to the file, or used the link from a Google cached version of the site, could still access the spreadsheet without any issue. Of course, this also meant that the file location was also visible in Narwitz's video. She had, unknowingly* and unfortunately, helped to publicize the continued availability of the spreadsheet on the E3 Expo's site.

Once again, the ESA was contacted about the file still existing. It was finally removed but the damage was already done.

The ESA says that they "regret this occurrence and have put measures in place to ensure it will not occur again." They also claim that the issue was a "website vulnerability" rather than a simple lack of security as was actually the case.

*As a matter of additional disclosure, I feel it must also be noted here that Sophia Narwitz frequents sites like Kiwifarms and the KotakuInAction subreddit. Kiwifarms is a known harassment site while KotakuInAction is still one of the main haunts of the the remnants that make up the harassment group known as GamerGate. She is also a known supporter of GamerGate and now works for Colin Moriarty, the disgraced former member of Kinda Funny that has been repeatedly under fire for his sexism and numerous idiotic and factually incorrect social media remarks. As such, I personally do not believe she had absolutely no ill-intent in posting the video when she did.