The Target: Liquipedia is an encyclopedia on various video games, covering everything from history to tactics. The platform was founded and is run by Team Liquid, a Netherlands-based professional e-sports organization owned by aXiomatic Gaming, an e-sports and gaming enabler.
The Take: A part of the exposed information was contained in a user collection weighing 77MB, containing data on nearly 119,000 users. The exposed Liquipedia user details include: User IDs, User emails, email verification status, two-factor authentication status and account creation dates.
The Vector: Researchers surmised that secrets and private RSA keys were used to authenticate admin access to Liquipedia’s Reddit, Discord, Twitch, and X accounts.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.