Leaking data

It seems like we can’t get a break from the constant leaks lately. Now, a Chinese Android game developer called EskyFun has potentially leaked the data of approximately one million users through an exposed server containing 134GB of data.

In a report shared with ZDNet by vpnMentor’s security researchers, it was noted that the developer of games like Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok had a server with all kinds of information on its users that wasn’t properly locked down.

The games in question have been downloaded more than 1.6 million times, which is where the estimated one million user figure comes from. The data contained 365,630,387 records from June 2021 onward.

The most troubling part of the leak is the sort of information contained. EskyFun has what the team at vpnMentor calls “aggressive and deeply troubling tracking, analytics, and permissions settings.” That means the company was collecting far more data than seemed necessary for a mobile game.

Some of the data collected include IMEI numbers, IP addresses, device information, phone numbers, the OS in use, mobile device event logs, whether or not a handset was rooted, email addresses, purchase records for the game, account passwords stored in plaintext, and support requests. It’s a shocking amount of data that was apparently left out in the open.

The team of researchers spoke about the issue and said, “Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users. Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse.”

There were multiple attempts to reach EskyFun about the hole by the researchers, and when they didn’t receive a response, they ultimately had to reach out to Hong Kong CERT to secure the server. As of July 28, the hole was closed, but the damage may have already been done.

The Best VPN Services of 2023

Best Overall VPN
Private Internet Access
Best Budget VPN
Private Internet Access
Best VPN for Windows
Best Free VPN
Proton VPN
Best VPN for iPhone
Proton VPN
Best VPN for Android
Best VPN for Streaming
Best VPN for Gaming
Best VPN for Torrenting
Best VPN for China
Mullvad VPN
Best VPN for Privacy
Mullvad VPN
Profile Photo for Dave LeClair Dave LeClair
Dave LeClair was the News Editor for How-To Geek. He is now a Mobile Analyst for PCMag. Dave started writing about technology more than 10 years ago. He's written articles for publications like MakeUseOf, Android Authority, Digital Trends, and plenty of others. He's also appeared in and edited videos for various YouTube channels around the web.
Read Full Bio »