A Chinese mobile game publisher is storing the personal information of gamers on an unsecured server, leaving them open to fraud and hacks, researchers at cybersecurity firm vpnMentor said in a recent report.
The research team at vpnMentor discovered an unsecured server utilized by EskyFun, a mobile gaming company behind several popular titles. The company is storing gamers’ IP addresses, phone numbers, email addresses and device details on the unprotected server.
This information was contained in rolling seven-day data sets for three games published by EskyFun, totaling more than 360 million pieces of data during vpnMentor’s examination. “This is an enormous amount of data collected from a few small, not well-known mobile games,” the research team said.
The three games in question are Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Altogether, they have garnered 1.5 million downloads by Android users.
VpnMentor claimed that the reason for the vast amount of data exposed “appears to be EskyFun’s aggressive and deeply troubling tracking, analytics, and permission settings.” Most players are not aware of how much data and access they provide to mobile game developers just by downloading a game, and EskyFun was harvesting vast amounts of data from players, said the report.
Most of the collected data is unnecessary for the games to function, and “there was no need for a video game company to be keeping such detailed files on its users,” according to vpnMentor’s report.
By not securing its users’ data, EskyFun is exposing, at a minimum, its 1 million users to potential cyberattacks. “The unsecured data could result in fraud, hacking, and potentially more,” the research team said.
The researchers offered several examples of the improper use of the data collected by EskyFun. “Combining a user’s email address, gaming history, and support requests, hackers could send thousands of phishing emails posing as EskyFun’s support.” Also, hackers can identify vulnerable users by building profiles based on the data from the server. By focusing on high-paying users and children, hackers could reap huge financial rewards from a small group of victims.