The Chinese developers of popular Android gaming apps exposed information belonging to users through an unsecured server
In
a report shared with ZDNet, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, revealed EskyFun as the owner of a 134GB server exposed and made public online.
EskyFun is the developer of Android games including Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M.
On Thursday, the team said that users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6 million downloads.
In total, the team said that an alleged 365,630,387 records contained data from June 2021 onward, leaking user data collected on a seven-day rolling system.
The team says that the developers impose "aggressive and deeply troubling tracking, analytics, and permissions settings" when their software is downloaded and installed, and as a result, the variety of data collected was, perhaps, far more than you would expect mobile games to require.