‘AMT Games’ Exposed Millions of Players’ Data via an Unprotected Database
- ‘AMT Games’ left an ElasticSearch instance unprotected online and exposed 1.47 TB of data.
- The company is making very popular mobile games that enjoy millions of downloads and impressive revenues.
- The consequences of this exposure include scamming, phishing, spamming, targeted advertising, and account hacking.
‘AMT Games,’ a Chinese developer of several popular RTS games for Android and iOS, has failed to secure its ElasticSearch server properly, irreversibly exposing 1.47 TB of sensitive data to anyone with a web browser and a valid URL. The discovery comes from the security team of WizCase, who tried to reach AMT Games to warn the firm about the lapse but hasn't received a response. The instance was eventually taken offline, but the exposure period was long enough to call this a data breach without a doubt.
The details that have been leaked include the following:
- Player id
- Username
- Country
- Total money spent on the game
- Facebook, Apple, and Google account data
- Social media account link status
- In-game transaction history
- IP address of the buyer
- Payment providers used
- Feedback rating
- User email address
All in all, scammers, phishing actors, spammers, account hackers, and social engineering specialists would have many ways to use the above details, so if you have played one of ‘AMT Games’ titles in the past, you should be aware of the increased possibility to be approached by crooks now. Some notable titles of the firm include ‘Heroes of War,’ ‘Battle for the Galaxy,’ and ‘Epic War TD 2.’
In addition to that, because the transaction data is so rich in detail, other game publishers will likely attempt to approach and lure the so-called “whales” into their ecosystem through ad bombardment or special offers. These players are highly valued and sought-after in the industry, as they play a pivotal role in the revenue of game titles.
If you are playing mobile games that you enjoy and would like to buy something, you are advised to use safe payment methods and remove them as soon as the transaction is over. Using credit cards isn’t preferable, and in this case, we see how easily this data could have been exposed. The trouble of something like that is far too great to compare with the enjoyment that comes from purchasing in-game items.