Popular Chinese game exposed over 1 million Android gamers’ data

vpnMentor’s research team discovered a data breach belonging to Chinese mobile gaming company EskyFun. EskyFun was using an unsecured server to store vast amounts of data collected from users of its games. Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users. Furthermore, by not securing the data, EskyFun potentially exposed over 1 million people to fraud, hacking, and much worse.

EskyFun Entertainment Network Limited is a Chinese mobile game publisher with numerous gaming titles available on Android. Their games are a mix of role-playing and fantasy adventures that, combined, have over 1,500,000 downloads. The EskyFun games affected in this data leak were:
– Rainbow Story: Fantasy MMORPG (500,000+ downloads)
– Metamorph M (100,000+ downloads)
– Dynasty Heroes: Legends of Samkok (1,000,000+ downloads)

vpnMentor discovered EskyFun’s unsecured database in early July. Once they had confirmed the details of the leak, and EskyFun as the responsible party, they reached out to the company immediately. After a couple of weeks with no reply, they sent a follow-up email and contacted the Hong Kong CERT. Hong Kong CERT was rapid and proactive in its response, seeking additional information to take appropriate measures. However, at this point, the database was secured, and the breach had been closed.

The records included IP addresses and IMEI numbers, device information, phone numbers, the OS in use, mobile device event logs, whether or not a handset was rooted, game purchase and transaction reports, email addresses, EskyFun account passwords stored in plaintext, and support requests, among other data.

Runtime Logs: 217M+
Runtime logs contained all kinds of data, some of which were incredibly sensitive.
Even in the small sample, the team still found the following records on users:
– Email addresses
– Plaintext passwords for EskyFun accounts
– Support requests
– Much more

Tracking Records: 15M+
EskyFun’s game apps appeared to track any actions taken while they were open. The resulting records contained a lot of sensitive information, including:
– IP address
– IMEI number
– Mobile application package doing the tracking
– Device screen size
– Whether a device is ‘rooted’
– Device model
– Phone number (if any)
– Platform (Android/iOS)
– NetType (WiFi or cellular)
– Events (open, login, level_up, etc.)

For complete details, visit vpnMentor’s blog.