In the latest data breach developments, the data of more than 6 million players of the popular game Battle for the Galaxy was leaked following a misconfiguration in the cloud database.
Game Developer AMT misconfigured data of Battle for the Galaxy:
AMT Games, developer of Battle for the Galaxy, has produced numerous games, raking in millions of downloads. However, the Battle for the Galaxy data leak was found to have compromised 1.5 TB of data due to an Elasticsearch server.
Reportedly, security experts at WizCase had discovered the hoard containing data of 5.9 million player profiles, 2 million transactions, and 587,000 messages.
Data such as feature player IDs, usernames, country, total money spent on the game, and Facebook, Apple, or Google account data if the user linked these with their game account.
According to WizCase analysis for Battle for the Galaxy, feedback messages carry account IDs, user email IDs, and feedback ratings.
Consecutively, financial transaction data includes rates, items purchased, time of purchase, payment provider, and in certain cases, buyer IP addresses.
Malicious actors can mal-utilize sensitive data:
WizCase warned that “it is common for unethical hackers and criminals on the internet to use personal data to create trustworthy phishing emails. The more information they possess, the more believable these emails look.”
It went on add that confidential information such as email addresses and user issues with the service could enable bad actors to “pose as game support and direct users to malicious websites where their credit card details can be stolen.”
Security experts also warned of a scenario where it is not uncommon for malicious actors o the internet to steal and mal utilize sensitive, private data or information to establish believable and authentic-looking phishing emails.
Gamers and players of Battle for the Galaxy have been recommended to enter a minimal amount of data and personal information possible. This is especially applicable in a case where players are making a purchase on the platform or setting up an account where children are using the gaming application while using the parent’s cards.
In an attempt to receive a response regarding the massive data leak, sources have tried contacting the game developer organization AMT games however, no response was received.
Reportedly, the gaming organization then disabled access to the database.