Chinese Game Developer Exposes Data Belonging to Million Android Gamers

Chinese Game Developer Exposes Data Belonging to Million Android Gamers

The developers of popular Android gaming apps in China exposed sensitive information of users through an unsecured server, security researchers revealed.

The vpnMentor’s cybersecurity team, led by Noam Rotem and Ran Locar, revealed that EskyFun exposes a 134 GB server with highly sensitive information publicly available online.

Eskyfun is the Chinese developer of Android games such as Rainbow Story: Fantasy MMORPG, The Legend of The Three Kingdoms, and Adventure Story.

The vpnMentor’s team revealed that the data leak affected users of several games, including Metamorph M, Dynasty Heroes: Legends of Samkok, and Rainbow Story, totaling over 1.6 million downloads.

vpnMentor said that the records included details about users’ activities from June 2021 onward, all in all 365,630,387 records.

The team says that the developers’ practices have raised concerns about the amount of data that they collect due to “aggressive and deeply troubling tracking, analytics, and permissions settings.” Normally, you would not expect mobile games to collect such types of data.

The records included details about the devices used, their IMEI numbers, game purchases, transaction reports, and the OS used. They also contained email addresses and EskyFun account passwords stored in plaintext.

vpnMentor believes that up to a million users’ information was exposed.

The incident was discovered on July 5. It was then reported to EskyFun on July 7 and 27. EskyFun was unresponsive according to vpnMentor.

“Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users,” the researchers commented. “Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse.”

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.