A Million Users’ Data Leaked by Android Game Developer
We cannot seem to get a break from continuous data leaks lately. Now, a Chinese Android game developer named EskyFun could have leaked data from around 1 million users via an exposed 134GB server.
According to a report that security researchers from the vpnMentor project shared with ZDNet, the developer of games like Rainbow Story: Fantasy MMORPG, MetamorphM, and Dynasty Heroes: Samkok Legends ran a server that did not properly lock down all kinds of information about its users.
The most troubling part of the leak is the kind of information involved. The vpnMentor team says EskyFun uses “aggressive and extremely troubled tracking-, analyzing- and permission settings.” The company collected much more information than seems necessary for a mobile game.
Some of the collected details include IMEI numbers, IP addresses, device information, telephone numbers, the operating system in use, phone or other mobile device event logs, email addresses, game buying logs, plaintext and support applications. There seemed to be a shocking amount of data left open.
The team discussed the issue and said, “Many of these data were incredibly sensitive and a company of video players did not need to maintain these detailed files. Furthermore, EskyFun could have brought fraud, hacking and much worse to more than one million people without the data security system.”
Researchers tried several times to reach EskyFun and, when no response was received, had to contact CERT in Hong Kong to get the server secured. By 28 July, the hole was closed, but damage was already possible.