Battle for the Galaxy’s developer inadvertently leaked over six million player profiles. The issue stems from a misconfigured cloud database.
AMT Games, a Chinese game developer behind the popular title Battle for the Galaxy and a lineup of titles for the iOS and Android platforms, leaked 1.5TB of data through an exposed Elasticsearch server.
A massive database containing nearly 6 million player profiles, 2 million transactions, and about 600,000 feedback messages was discovered by a research team from the reviews website WizCase.
Players’ IDs, usernames, country, Facebook, Apple or Google account data, and total money spent on the game may have been exposed. Price, item purchased, time of purchase, and payment provider may have leaked with transaction data. In addition, account IDs and email addresses are usually part of a feedback message, according to WizCase. This entire trove of data has been up for grabs to any hacker who could sniff it out.
The firm said that the data was exposed due to the failure to secure databases. It warned that the data could have been collected by opportunistic criminals looking for misconfigured databases.
WizCase warned that criminals are increasingly resorting to using personal data to create fraudulent phishing emails:
“it is common for unethical hackers and criminals on the internet to use personal data to create trustworthy phishing emails. The more information they possess, the more believable these emails look.”
Data on how much money users have spent on the site could help fraudsters identify the biggest spenders and target them, it added.
WizCase said that collected information such as email addresses and user issues with the service could be used by bad actors to impersonate game support and direct victims to phishing websites to steal credit card data.
AMT Games did not respond to WizCase’s email asking for more details about the breach.