Game Golf App Leaves a Large Amount of Data Exposed on Unprotected Database

The Game Golf app belongs to a privately held company based in San Francisco, California, and has more than 50,000 downloads on Google Play. The free version of the platform provides GPS tracking, course information, and player statistics; there is also a paid version that gives players swing lessons. A security researcher found an Elastic database on April 1st that was completely open and included around 218 thousand names, app passwords, emails, usernames, and messages, as well as other data. It was also discovered that some users provided their Facebook login credentials as a means of signing up for the app, leaving that information exposed as well. In total, there were “134 million rounds of golf, 4.9 million user notifications and 19.2 million records in a folder called ‘activity feed,’” said researchers. On top of all this, information about the company that created the app could also be found. This included IP addresses, ports, pathways and storage info, which could allow someone with the right tools and skills to tamper with the network. No information has been found on whether the information fell into the wrong hands, and it is not known how long it had been exposed, but as of April 16th, the database was no longer available. Game Your Game Inc. has yet to respond to the incident even though it has been contacted multiple times. If the company has not reached out to users who could have been affected, it may land itself in some hot water, because California law requires a business to notify any California resident whose unencrypted personal information was potentially exposed.

Analyst Notes

Since emails were included in the breach, users are advised to be on the lookout for increased phishing attempts. Many times, these attempts go unnoticed, which leaves users in a bad spot. Users should look for clues such as unfamiliar senders as well as misspellings within the body of the email. Also, since some users logged in to the app with Facebook credentials, those users should immediately change their account information and consider using 2FA as an extra layer of security.