Chinese Developer Exposes Data on Over One Million Gamers
Chinese game developer EskyFun Entertainment Network Limited accidentally exposed the personal and device details of over one million players after leaving an internet-facing server unsecured. Researchers at vpnMentor first discovered the unprotected Elasticsearch server on July 5. After no reply from the parent company, they contacted the Hong Kong CERT instead. Just one day later, the database was secured. The database consisted of 134GB and 365 million records linked to players of the games Rainbow Story, Dynasty Heroes, Legends of Samkok, and more.
The giant collection of user records was even more valuable as it was extremely recent and up-to-date information. The company only collected a rolling log of the previous seven days, and anything older was automatically deleted to have room for fresh data. The information exposed via the unsecured server included IP addresses, device models, phone numbers, geolocations, and buyer account IDs. VpnMentor also found over 217 million email addresses and plaintext passwords.