Unsecured Elasticsearch Database Exposes Dungeon Crusher Players’ Purchase Data
Dungeon Crusher Cybersecurity Incident Exposes Sensitive Player Data
A recent cybersecurity incident has compromised sensitive data belonging to players of the popular role-playing game Dungeon Crusher. An unsecured Elasticsearch database was discovered to be leaking a vast amount of player information, including partial purchase data and in-game chat logs.
Exposed Data
According to a report by Cybernews, the exposed database contained approximately 24.5 million records of in-game messages, complete with timestamps and message content. Furthermore, an analysis of the leaked data revealed that 151,000 of the 198,000 web purchase records included sensitive information such as IP addresses, partial credit card numbers, addresses, and purchase location details.
In addition, over 20,000 records linked to in-game purchases were found to be exposed, containing transaction status and dates, payment currency, Steam identifiers, and order and item IDs. A further 65,500 records of purchases made through mobile app stores were also compromised.
Incident Response
Consequences and Recommendations
The researchers warned that the leaked data could be exploited for various malicious purposes, including fraud, targeted phishing, identity theft, and future attacks.
The incident highlights the importance of proper data security measures, particularly when dealing with sensitive information. In this case, the misconfigured Elasticsearch instance allowed unauthorized access to a vast amount of player data, potentially putting the affected individuals at risk of financial and personal harm.
The incident serves as a reminder to companies to prioritize data security and ensure that their systems are properly configured to prevent such breaches. It also underscores the need for individuals to be vigilant and take steps to protect their personal information, particularly when engaging with online services.
