‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles
2021-06-03 22:06

An Elasticsearch server holding the personal data of 6 million players of the popular mobile game Battle for the Galaxy was found unsecured and containing over 1 terabyte of unencrypted data, meaning anyone with a link could access the data stored in the repository.

Battle for the Galaxy is available for Android and iOS devices, via the Steam gaming platform and also through the game publisher's browser-based version of the game.

The game follows the open world format, allowing players to build worlds and armies that can be directed to battle other users' armies.

"With data on how much money has been spent per account, these conmen could target the highest-paying users, many of whom are children judging by their game history, time spent in game, circle of friends in-game, etc. and have an even higher chance of success than they would otherwise," according to the WizCase report published Wednesday.

"While we cannot comment on if Battle for the Galaxy specifically uses predatory business practices, these practices, especially loot boxes, are common in the bulk of free-to-play mobile games as well as console/PC games, like Overwatch, League of Legends, and Fortnite. Fortnite's practices were so egregious that its publisher, Epic Games, was sued in 2019 and settled by giving away 1,000 of its in-game V-Bucks currency to claimants. Fortnite discontinued its loot box practices in 2019, revealing what users would be getting in the game's Loot Llamas before purchase," WizCase wrote.

Last October, the game Among Us was temporarily shut down by an attacker named Eris Loris who spammed players until the game was unplayable.


News URL

https://threatpost.com/battle-for-the-galaxy-leaks/166659/