ESEA fined $325,000 over bitcoin farming, user monitoring allegations
US eSports organisation ESEA has agreed to a $1 million settlement over malware hidden in its client by a couple of rogue employees.
The settlement follows a July lawsuit. In a statement issued by the New Jersey attorney general, the malware allowed its creators to monitor users' computers even when the client was inactive. Although it was only active for two weeks, during this time it infected around 14,000 computers in the US and generated $3,500 in mined bitcoins.
As part of the settlement, the ESEA has been fined $1 million, but only has to pay $325,000 of it to the state of New Jersey immediately, with the remainder of the fine to be suspended after ten years if it complies with the other conditions and refrain from further legal violations.
The ten-year compliance program includes strictures banning the ESEA from deploying software code that downloads to consumers’ computers without their knowledge and authorization, and requires it to make a web page publicly declaring what type of data it collects, the manner in which the data is collected and how the information is used.
More details on the malware and its effects are available in the full court documents [PDF], including the alarming fact that ESEA employees used the malware to copy files users.
Although several ESEA staff were involved in the creation and deployment of the experimental software used in the incident, one employee was held responsible for its deployment and use as malware.
The ESEA offered VG247 the following statement on the matter:
"As a result of the Bitcoin incident that occurred earlier this year, an investigation was opened by the Attorney General of New Jersey. We cooperated fully with the investigation and agreed to settle the matter so that we would be able to return our full attention to our business and serving the needs of the ESEA community.
"We want to make it clear to our community that we do not agree with the Attorney General's account of the Bitcoin incident.
"The settlement that was signed makes explicitly clear that we do not agree, nor do we admit, to any of the State of New Jersey's allegations. The press release issued by the Attorney General about our settlement represents a deep misunderstanding of the facts of the case, the nature of our business, and the technology in question.
"Moving forward, it is our intent to provide our community with confidence that ESEA will be taking every possible step to protect your privacy. The employee who was responsible for the Bitcoin incident was terminated, and we are taking steps to ensure that nothing like this can happen again. In the weeks to come, you can expect to see a notice posted on our website that provides a detailed explanation of our privacy policy in a manner that can be easily understood. Additionally, regular audits will be conducted by a third party specialist in order to ensure that we maintain a secure environment and protect your privacy.
"The ESEA Client remains to be a powerful tool that we will continue to offer our customers for a fair online video game experience. We remain committed to moving forward and focusing on delivering a high quality online video game experience for our customers."
Thanks, PCGamesN.