An Elasticsearch server holding personal data of 6 million players of the popular mobile game Battle for the Galaxy was discovered exposed to the Internet. It contained over 1 terabyte of unencrypted data, meaning anyone with a link could access the data stored in the repository. A group of ethical hackers from WizCase found the data and responsibly alerted AMT Games, the publisher of Battle for the Galaxy, that the gamer data was exposed. According to WizCase, AMT Games has not responded to them, but the leaky server is now secure. Battle for the Galaxy is available for Android and iOS devices, via the Steam gaming platform and through the game publisher’s browser-based version of the game. WizCase stated that 1.47 terabytes of data was left vulnerable. The stockpile included 5.9 million player profiles, 2 million transactions and 587,000 feedback messages. Feedback messages included account IDs, email addresses, in-game purchase prices and payment providers. Pulled together, this database could give cybercriminals a rich set of data for honing phishing emails so that they look legitimate.
WizCase stated, “We recommend always inputting the bare minimum of information when making a purchase or setting up an account on the internet. The less information you give hackers to work with, the less vulnerable you are to attack.” Users are strongly advised to change their login credentials immediately and create complex passwords that are unique to each login. A password should never be shared with any other login that the person uses. A multitude of password managers are available to help people keep track of their passwords.