08-26-2021 , 11:49 PM
https://www.zdnet.com/article/chinese-de...RSSbaffb68
Chinese developers expose data belonging to Android gamers
In the end, Hong Kong CERT was contacted in an attempt to resolve the security issue.
Charlie Osborne
By Charlie Osborne for Zero Day | August 26, 2021 -- 16:34 GMT (09:34 PDT) | Topic: Security
The Chinese developers of popular Android gaming apps exposed information belonging to users through an unsecured server. In a report shared with ZDNet, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, revealed EskyFun as the owner of a 134GB server exposed and made public online.
EskyFun is the developer of Android games including Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M.
On Thursday, the team said that users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6 million downloads.
In total, the team said that an alleged 365,630,387 records contained data from June 2021 onward, leaking user data collected on a seven-day rolling system.
The team says that the developers impose "aggressive and deeply troubling tracking, analytics, and permissions settings" when their software is downloaded and installed, and as a result, the variety of data collected was, perhaps, far more than you would expect mobile games to require.
The records included IP and IMEI numbers, device information, phone numbers, the OS in use, mobile device event logs, whether or not a handset was rooted; game purchase and transaction reports, email addresses, EskyFun account passwords stored in plaintext, and support requests, among other data.
Chinese developers expose data belonging to Android gamers
In the end, Hong Kong CERT was contacted in an attempt to resolve the security issue.
Charlie Osborne
By Charlie Osborne for Zero Day | August 26, 2021 -- 16:34 GMT (09:34 PDT) | Topic: Security
The Chinese developers of popular Android gaming apps exposed information belonging to users through an unsecured server. In a report shared with ZDNet, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, revealed EskyFun as the owner of a 134GB server exposed and made public online.
EskyFun is the developer of Android games including Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M.
On Thursday, the team said that users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6 million downloads.
In total, the team said that an alleged 365,630,387 records contained data from June 2021 onward, leaking user data collected on a seven-day rolling system.
The team says that the developers impose "aggressive and deeply troubling tracking, analytics, and permissions settings" when their software is downloaded and installed, and as a result, the variety of data collected was, perhaps, far more than you would expect mobile games to require.
The records included IP and IMEI numbers, device information, phone numbers, the OS in use, mobile device event logs, whether or not a handset was rooted; game purchase and transaction reports, email addresses, EskyFun account passwords stored in plaintext, and support requests, among other data.