A major eSports online community which jointly runs a CS:GO league suffered a hack back in December, with the hackers taking the details of over 1.5 milion user profiles and then attempting to hold them hostage for a ransom. As the profile details are now online, it doesn't seem like they were very successful in getting that ransom.
The community in question is ESEA, who indeed did post up on December 30th that a possible hack of their user data had possibly happened although they weren't 100% clear that it had. Now, on Saturday breach tracking site LeakedSource claims to have been able to obtain 1,503,707 ESEA user records, after ESEA didn't pay the hacker's demand of a $50,000 ransom. ESEA have now updated their hack warning saying "news has been made that ESEA's user data has been leaked online. We expected something like this could happen but have not confirmed this is ESEA's data" and since that change thanks to an effort from Reddit users and other large users, it has been all but confirmed that this data is from ESEA.
In an FAQ on the incident, ESEA say that they were "made aware of a security breach" on December 27th, in which "theft of certain user account information appears to have taken place." Some questions have been raised about why it then took 3 days for ESEA to publicly announce that it was something that could possibly have happened, but there are some possible good reasons for it. Maybe they were working on fixing the weakness in their systems before they made any announcements to save another opportunistic hacker taking advantage; maybe they were checking to see just what could have been taken by the hackers; or even upon telling authorities they were advised to delay any sort of announcement. We just don't know. The FAQ advises that all users change their passwords and security questions now just in case, as well as to keep an eye on their accounts for any suspicious activity.
As for what information got out, the leaked records include registration date, city, state or province, most recent login, username, forename and surname, the password’s bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID and PSN ID.
ESEA say that they have now sealed up the breach in their systems and are working with the FBI to track down the hacker.