The information was made public due to an unsecured server

Aug 31, 2021 13:57 GMT

A vpnMentor investigation found that a 134 GB server owned by EskyFun was exposed, leaking user data for game titles such as Metamorph M, The Three Kingdoms Legend, Adventure Story, Rainbow Story, and Fantasy MMORPG.

The aforementioned games were downloaded 1.6 million times, while the leaked information comprised more than 365 million records. An intriguing aspect is that the developers increased the amount of analytics, monitoring and authorization options available for the games, with some needing more permissions even before they were installed.

The disclosed data includes IP addresses and IMEI numbers, mobile device event logs, device information, phone numbers, EskyFun network passwords, the current operating system, whether the phone is rooted, player acquisition and transaction reports, mailing, and support requests. Various data points were also used to profile individuals as well as to identify two vulnerable groups, teenagers and accounts with large amounts of money, the researchers said.

Poor cyber security implementation is highly likely to result in data leaks

It goes without saying that leaking such details on the web has numerous consequences. For starters, thousands of users are at risk of receiving phishing emails, sent to the stolen email addresses, that claim to be from the EskyFun helpline. At the same time, the payment system is completely compromised, as threat actors can send fake gateways to steal credit card information.

Moreover, hackers can get users to click various URLs and so gain complete control of the targeted device or infect it with viruses, ransomware, spyware or tracking software. Given the sheer amount of data stolen, it's relatively easy for a skilled threat actor to appear legitimate and gain trust among EskyFun users.

What's sad is that the incident could have been avoided if EskyFun had implemented some basic security measures, such as configuring access rules, enhancing authentication and securing the servers.