An Elasticsearch server holding personal data of 6 million players of the popular mobile game Battle for the Galaxy was discovered to be exposed to the Internet and contained over 1 terabyte of unencrypted data, meaning anyone with a link could access data stored in the repository. A group of ethical hackers from WizCase found the data and responsibly alerted AMT games, the publisher of Battle of the Galaxy, that the gamer data was exposed. According to WizCase, AMT games has not responded to them, but the leaky server is now secure. Battle for the Galaxy is available for Android and iOS devices, via the Steam gaming platform and through the game publisher’s browser-based version of the game. WizCase stated that 1.47 terabytes of data was left vulnerable. The stockpile included 5.9 million player profiles, 2 million transactions and 587,000 feedback messages. Feedback massages included account IDs, email addresses, in-game purchase prices and payment providers. Pulled together, this database could provide a rich set of data for cybercriminals to hone their phishing emails to make them look legitimate.