E3 2021 is just days away and users are already having major issues with the media portal.
The all-digital event kicks off on June 10 here in Australia, and you can view all of the showcase times in our handy guide here. But in preparation for the official launch, some members of the media have already gained access to the portal and have quickly found it to be, well, not great.
Windows Central editor Matt Brown live-tweeted his experiences with the portal, which quickly went from bad to funny to downright concerning. For starters, you can’t have a password that exceeds 12 characters. No, not a minimum, that’s a *maximum* of 12 characters.
Seems like a security risk, but go off, I guess.
And then there’s the avatar generator, which we’ve already done an in-depth review of, that glitched out for Matt and left him with an unfortunate haircut.
https://twitter.com/mattjbrown/status/1401966089546895362
But the real kicker here comes from E3’s brand new “friend finding” function, which was obviously developed to help gamers make new friends during the event. But you know what they say, the road to hell was paved with good intentions and it looks like the road to making friends online has been paved with a big ol’ security issue.
According to Brown, the social feature allows you to straight-up search for everyone in the E3 directory and gives you their personal contact information. Thankfully, Brown contacted the user in question and they promptly removed their details from the portal.
Kotaku Australia has reached out to E3 regarding this issue and is yet to hear back on whether it has been resolved.
Update 9/6:
ESA has since responded to Kotaku Australia confirming the portal is secure and that it has updated the language to make it clearer for users.
“The E3 portal has not shared any personal information with anyone. These are profiles (much like social media profiles) with an About Me section that is public within the portal and app,” ESA told Kotaku Australia in a statement.
“People are welcome to add whatever information they would like to the About Me section, and there’s no area that asks or prompts for any personal information. Just to make sure it’s clear, we have added more language to the profile creation section to doubly ensure users understand their About Me profile is public in the portal and app. In addition, users have the opportunity to cancel the sharing of any information on their About Me section. The E3 portal is safe, secure and protects the personal information of all users.”
https://twitter.com/mattjbrown/status/1401975895968059392
Basically, it looks like the contact information was optional, but the user was unaware when they added it that it could be searched by anyone on the platform.
But Brown isn’t the only person to comment on the seemingly unending list of issues with the portal, like this list of “recommended people” that is either just in alphabetical order, or has been infiltrated by the Aaron alliance.
One of the funniest things about this whack E3 portal nonsense is the “Recommended People” being just media folk who have signed up in alphabetical order. pic.twitter.com/EZEbRu7Phm
— Jeremy Bratetich (@Obiwanjezz) June 7, 2021
E3 has already clarified previously that it used a third-party company to build the 2021 app and portal.
This has already received negative attention after a Resetera user was able to download a JavaScript file that included a number of banned words in the app’s messenger functionality, seemingly pointing out that the website’s security was sub-par to begin with.
Interestingly, it wasn’t until after the document was publicly leaked that E3 made the decision to password-protect the JavaScript file.
But the issue seems much worse now that it has proven easy to access users’ personal information, rather than the fact that the word “toejam” was banned.
The seeming lack of security is particularly concerning after ESA was forced to apologise back in 2019 after an E3 data breach leaked the names, addresses and contact details of more than 2,000 journalists, content creators and industry people attending the event.
“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public,” the ESA said in a statement at the time. “Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.”