Leaked information of more than a million gamers playing this popular Android game

The developers of the popular Chinese Android game app exposed users' information through an insecure server.

vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, revealed that EskyFun leaked gamers' information through a 134GB server. Player information is publicly posted online.

EskyFun is an Android game publisher from China, which has many popular Android games, including Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms and Metamorph M.

On August 27, the team revealed that players of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG (over 500,000 downloads), Metamorph M (over 100,000 downloads) and Dynasty Heroes : Legends of Samkok (over 1 million downloads). In total, they have more than 1.6 million downloads.

Notably, there are 365,630,278 records detailing player data from June 2021 to present. The team notes that there is no reason for a video game company to keep detailed files about their game players.

According to vpnMentor, developers force players to grant permission to track and analyze games when downloading and installing games, resulting in a large amount of information being collected, more than we think.

Leaked information of more than a million gamers playing this popular Android game Picture 1Leaked information of more than a million gamers playing this popular Android game Picture 1

The logs contain IP and IMEI numbers, device information, phone number, operating system in use, event logs on the phone, game purchase and transaction notifications, email addresses, account passwords EskyFun, request support and other data.

vpnMentor believes that there may be more than a million gamers whose information has been exposed.

On July 5, vpnMentor discovered the server was not secure and contacted EskyFun two days later. However, EskyFun did not respond so on July 27, vpnMentor contacted again. After that, the EskyFun side remained silent, forcing vpnMentor to contact Hong Kong CERT (Hong Kong Cyber ​​Emergency Response Center) and the server was secured on July 28.

"Much of this data is extremely sensitive and it is not necessary for the video game company to keep such details of user information. Furthermore, by not securing the data, EskyFun has the potential to expose more than one user. million people get scammed, hacked and worse," the analysts shared.

4 ★ | 2 Vote