‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles - silversurfer - 04 June 21
Quote: An Elasticsearch server holding personal data of 6 million players of the popular mobile game Battle for the Galaxy was discovered insecure and containing over 1 terabyte of unencrypted data, meaning anyone with a link could access data stored on the repository.
Ethical hackers WizCase found the data and quickly alerted AMT Games, the publisher of Battle of the Galaxy, that the customer data was exposed. According to WizCase, AMT Games has not responded to inquiries, but the leaky server is now secure.
Battle for the Galaxy is available for Android and iOS devices, via the Steam gaming platform and also through the game publisher’s browser-based version of the game. The game follows the open world format, allowing players to build worlds and armies that can be directed to battle other user armies.
WizCase said, in all, 1.47 terabytes of data was left vulnerable. The stockpile included 5.9 million player profiles, 2 million transactions and 587,000 feedback messages. Feedback messages included account IDs, email addresses, in-game purchase prices and payment providers. Pulled together, this database could provide a rich set of data for cybercriminals to hone their phishing emails to make them look legitimate, WizCase said.
“For example, with the email addresses and specific details of user issues with the service such as in transactions and developer messages could allow bad actors to pose as game support and direct users to malicious websites where their credit card details can be stolen,” WizCase said.
“With data on how much money has been spent per account, these conmen could target the highest-paying users, many of whom are children judging by their game history, time spent in game, circle of friends in-game, etc. and have an even higher chance of success than they would otherwise,” according to the WizCase report published Wednesday.
Read more: ‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles | Threatpost