The popular Liquipedia wiki platform, dedicated to e-sports and managed by Team Liquid, suffered a database leak that exposed the email addresses of users and other confidential information.
Liquipedia, an encyclopedia covering various video games and e-sports tactics, was founded and controlled by Team Liquid, a professional e-sports organization based in the Netherlands and owned by Axiomatic Gaming.
According to researchers from Cybernews, the Mongodb database used by Liquipedia was publicly accessible without a password. This resulted in the publication of logins and other data from 119,000 users of Liquipedia, as well as information about the platform’s administrators. The leaked database was approximately 77 Mb in size. (source: Cybernews)
The following information from the platform was exposed during the data leak:
- • User identifiers;
- • Email addresses of users;
- • The status of email address verification;
- • Two-factor authentication status;
- • Account creation dates.
In addition to these details, more sensitive information, such as secret keys to access Liquipedia accounts on social networks, was also released.
Cybernews warns that these data leaks can be easily exploited by attackers for phishing attacks, unauthorized access to personal user accounts, and manipulation of the organization’s official social media accounts.
Upon being notified by researchers, the Liquipedia administration promptly addressed the vulnerability in the database settings. The company also informed affected users about the incident and implemented technical and organizational measures to prevent similar incidents in the future.