A game developer who goes by the name of “Million” has leaked the data of millions of users on the Android platform. The data includes user names, email addresses, and phone numbers. Million says that he did this in order to raise awareness about the security risks posed by Android apps. Million says that he first became aware of the security risks posed by Android apps when he was targeted by a scam app. The scam app was able to access his personal information, including his email address and phone number. Million believes that this is only the beginning of the security risks posed by Android apps. Android is a popular mobile operating system used by millions of people around the world. However, it is also popular with scammers and hackers who want to steal your personal information. If you are using an Android device, it is important to be aware of the security risks posed by apps and to take steps to protect yourself ..
In a report shared with ZDNet by vpnMentor’s security researchers, it was noted that the developer of games like Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok had a server with all kinds of information on its users that wasn’t properly locked down.
The games in question have been downloaded more than 1.6 million times, which is where the estimated one million user figure comes from. The data contained 365,630,387 records from June 2021 onward.
The most troubling part of the leak is the sort of information contained. EskyFun has what the team at vpnMentor calls “aggressive and deeply troubling tracking, analytics, and permissions settings.” That means the company was collecting far more data than seemed necessary for a mobile game.
Some of the data collected include IMEI numbers, IP addresses, device information, phone numbers, the OS in use, mobile device event logs, whether or not a handset was rooted, email addresses, purchase records for the game, account passwords stored in plaintext, and support requests. It’s a shocking amount of data that was apparently left out in the open.
The team of researchers spoke about the issue and said, “Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users. Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse.”
There were multiple attempts to reach EskyFun about the hole by the researchers, and when they didn’t receive a response, they ultimately had to reach out to Hong Kong CERT to secure the server. As of July 28, the hole was closed, but the damage may have already been done.
