Leaking data
posteriori/Shutterstock.com

It seems like we can’t get a break from the constant leaks lately. Now, a Chinese Android game developer called EskyFun has potentially leaked the data of approximately one million users through an exposed server containing 134GB of data.

In a report shared with ZDNet by vpnMentor’s security researchers, it was noted that the developer of games like Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok had a server with all kinds of information on its users that wasn’t properly locked down.

The games in question have been downloaded more than 1.6 million times, which is where the estimated one million user figure comes from. The data contained 365,630,387 records from June 2021 onward.

The most troubling part of the leak is the sort of information contained. EskyFun has what the team at vpnMentor calls “aggressive and deeply troubling tracking, analytics, and permissions settings.” That means the company was collecting far more data than seemed necessary for a mobile game.

Some of the data collected include IMEI numbers, IP addresses, device information, phone numbers, the OS in use, mobile device event logs, whether or not a handset was rooted, email addresses, purchase records for the game, account passwords stored in plaintext, and support requests. It’s a shocking amount of data that was apparently left out in the open.

Advertisement

The team of researchers spoke about the issue and said, “Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users. Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse.”

There were multiple attempts to reach EskyFun about the hole by the researchers, and when they didn’t receive a response, they ultimately had to reach out to Hong Kong CERT to secure the server. As of July 28, the hole was closed, but the damage may have already been done.

The Best VPN Services of 2021 for Netflix, Privacy, and More

Best Overall VPN
ExpressVPN
Best Budget VPN
SurfShark
Best Free VPN
Windscribe
Best VPN for iPhone
ProtonVPN
Best VPN for Android
Hide.me
Best VPN for Streaming
ExpressVPN
Best VPN for Gaming
Private Internet Access
Best VPN for Torrenting
NordVPN
Best VPN for Windows
CyberGhost
Best VPN for China
VyprVPN
Best VPN for Privacy
Mullvad VPN
Dave LeClair Dave LeClair
Dave LeClair is the News Editor for How-To Geek. He started writing about technology more than 10 years ago. He's written articles for publications like MakeUseOf, Android Authority, Digitial Trends, and plenty of others. He's also appeared in and edited videos for various YouTube channels around the web.
Read Full Bio »

The above article may contain affiliate links, which help support How-To Geek.