Millions of mobile game users affected by massive data breach

WizCase researchers discovered an unprotected Elasticsearch server belonging to the company AMT Games, which exposed about 1.5 TB of data. The leak includes sensitive logs such as IP addresses, Facebook data and other details.

The leak comprises millions of records that were within reach of anyone interested, with no password required and no encryption. The database has since been secured.

AMT Games is a mobile game development and web browser development firm based in China. Battle for the Galaxy, one of its most popular titles, has millions of users in more than 100 countries and is available for Android, iPhone, Steam and its own website.

The AMT Games database contained approximately 5.9 million player profiles, 2 million transactions, and nearly 600,000 support and feedback messages. Feedback message data included the account ID, feedback rating, and users’ email addresses. These logs also include details such as device type, operating system, and transaction amount.

Moreover, each player profile contains information such as username, country of origin, total amount spent on the platform and Facebook and Google account data. In a sample of the player profile data, the WizCase security team discovered that a user spent up to $907 thousand USD on the game through microtransactions in the app.

The researchers took a sample of 10 thousand random records, discovering some patterns that should worry any user of this kind of game. Of the 10 thousand records analyzed, 8,552 users use the game without making in-app purchases; 764 have spent less than $1 USD; 651 spent between $1 USD and $100 USD; and only 33 spent more than $100 USD. That means that just 0.33% of sample users produce nearly 90% of the revenue in these transactions.

As with other similar incidents, this leak exposes AMT Games users to phishing scams, corporate spying, social engineering campaigns and email spam, so affected users need to remain vigilant for any attack attempts.
