According ZDnet, the Chinese developers of popular Android gaming apps exposed information belonging to users through an unsecured server.
Users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6 million downloads.
Pravin Rasiah, VP of Product, CloudSphere shared insights on the incident.
“Data leaks occur much more frequently than people may expect, however, companies storing sensitive customer information have an obligation to ensure that proper security and governance guardrails are in place. Far too often, enterprises don’t have a good understanding of what their applications are hosted on within their environments, the business functions that are supported and the nature of the data stored within these apps and databases. The lack of this context coupled with poor configurations at a network level (e.g. exposing it directly to the internet) while failing to require authorization to gain access is a disastrous combination.
When a server is left exposed, customer information becomes vulnerable to cybercriminals who can leverage this data for a multitude of malicious purposes, including launching highly targeted phishing attacks and brute force attacks against other organizations. In this instance, because passwords were stored in plain text, bad actors could also use this login information to attempt to gain access to users’ other accounts, since many people use the same password across many different platforms.
To keep user data out of the hands of cybercriminals, companies should leverage platforms that provide holistic visibility into their environments as well as governance to ensure proper structure, processes and support. With a comprehensive assessment of the applications hosted within their cloud environment, companies can safely operate without putting customer data at risk.”