The details, which include the names, addresses, phone numbers and publications of a portion of the media who attended E3 2019, were contained in a spreadsheet hosted on the E3 website.
Up until Friday evening, the list was accessible to anyone who had the URL.
The spreadsheet includes the private details of individuals from prominent publications, as well as streamers from Mixer, YouTube and Twitch. It also includes the details of financial analysts and employees of investment firms.
These details are usually shared by the ESA with its member companies, so that they can easily invite press to their events and meetings.
The link has since been taken offline following the discovery of what the ESA described as “a website vulnerability”.
“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public,” it said in a statement supplied to Venturebeat.
“Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not happen again.”
Since the list contained details of European members of the press, the leak could become a GDPR (General Data Protection Regulation) issue. The maximum fine for a GDPR violation is €20 million.