Site icon TechNewsBoy.com

Chinese developers expose data belonging to Android gamers | ZDNet

The Chinese developers of popular Android gaming apps exposed information belonging to users through an unsecured server.

In a report shared with ZDNet, vpnMentor’s cybersecurity team, led by Noam Rotem and Ran Locar, revealed EskyFun as the owner of a 134GB server exposed and made public online.

EskyFun is the developer of Android games including Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M.

On Thursday, the team said that users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6 million downloads.  

In total, the team said that an alleged 365,630,387 records contained data from June 2021 onward, leaking user data collected on a seven-day rolling system.

The team says that the developers impose “aggressive and deeply troubling tracking, analytics, and permissions settings” when their software is downloaded and installed, and as a result, the variety of data collected was, perhaps, far more than you would expect mobile games to require. 

The records included IP and IMEI numbers, device information, phone numbers, the OS in use, mobile device event logs, whether or not a handset was rooted; game purchase and transaction reports, email addresses, EskyFun account passwords stored in plaintext, and support requests, among other data. 


vpnMentor

vpnMentor suspects that up to, or more than, one million users may have had their information exposed. 

The unsecured server was discovered on July 5 and EskyFun was contacted two days later. However, after receiving no response, vpnMentor made a second attempt on July 27. 

Continued silence required the team to also reach out to Hong Kong CERT and the server was secured on July 28. 

“Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users,” the researchers commented. “Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse.”

ZDNet has reached out to EskyFun and we will update when we hear back.

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version