An unprotected server hosting AMT Games user data has been discovered by security researchers at WizCase. The researchers found that the Elasticsearch server contained the personal data of 6 million players of AMT’s popular game Battle for the Galaxy. The server contained over 1 terabyte of unencrypted data, meaning that anyone who stumbled upon the data could access the information stored on the repository. AMT Games has not released a statement or responded to the issue, however, the server has now been secured. Battle for the Galaxy is offered through the Steam gaming platform and allows users to build worlds and armies.
The stockpile of data uncovered by WizCase included 5.9 million user profiles, 2 million transactions, and 587,000 feedback messages. Feedback messages included more information such as account IDs, email addresses, in-game purchase prices, and payment providers. Security experts state that this information could lead to highly convincing phishing attacks crafted by cybercriminals with access to the data. WizCase stated that, for example, using data such as email addresses and specific details of user issues, a cybercriminal could pose as AMT Games support and direct users to malicious websites or links.
Read More: ‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles