• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Data Breach
  • AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Pierluigi Paganini June 03, 2021

WizCase’s security team discovered an unsecured ElasticSearch server owned by AMT Games which exposed 1.47 TB of data.

This leak exposed users’ email addresses, IP addresses, Facebook data, and more to potential attack. The leaked data numbers in the millions and was accessible to anyone who possessed the link. There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured.

What’s Happening?

AMT Games is a mobile and browser game developer based in China. Its free-to-play mobile game, Battle for the Galaxy, has millions of users in 103 countries, and the app can be found on Android, iPhone, Steam, and its own website as an in-browser game.

Our team of ethical hackers discovered an unsecured ElasticSearch server owned by AMT Games which exposed 1.47 TB of data. We tried to reach out to AMT games however we haven’t received a response, and access to the server was later disabled by AMT games.

What Data Was Leaked?

The AMT Games database leaked approximately 5.9 millions player profiles, 2 million transactions, and 587,000 feedback messages.

Feedback message data contained Account id, feedback rating given, and users’ email addresses.

Transaction data encompassed price, item purchased, time of purchase, payment provider, and in some cases IP address of the buyer. Payment providers included Google, Apple, Steam, Amazon, Samsung, Facebook, and more.

Player profile data included Player id; username; country; total money spent on the game; and even Facebook, Apple, and Google account data if the user linked either account with their game account. The leaked account data included in-game transaction history, user id, and username. In a sampling of the player profile data, the WizCase security team found that users could spend as much as $907 on the game via in-app microtransactions in the 10,000-player sample from 2019-2020 our team observed.

This sample revealed concerning patterns in the mobile game. Of the 10,000 players sampled, 8,552 users made 0 in-app purchases; 764 spent less than $1 on in-app purchases; 651 spent between $1 and $100 on in-app purchases, and 33 spent more than $100. That means .33% of users in the sample produced about 90% of the income in these transactions.

This sizable purchasing disparity isn’t just common in mobile games but encouraged. Users who spend large amounts of money on in-app purchases for mobile games are called “whales.” These users are prized and preyed on by mobile games to increase their profits. The use of gambling mechanics such as loot boxes or locking in-game progress behind increasingly-long timers which are reduced or eliminated by in-app purchases are just a couple of ways for these game publishers to siphon money from these whales. Whales are often tracked by publishers and heavily targeted with ads and special offers to increase the likelihood of purchase.

While we cannot comment on if Battle for the Galaxy specifically uses predatory business practices, these practices, especially loot boxes, are common in the bulk of free-to-play mobile games as well as console/PC games, like Overwatch, League of Legends, and Fortnite. Fortnite’s practices were so egregious that its publisher, Epic Games, was sued in 2019 and settled by giving away 1,000 of its in-game V-Bucks currency to claimants. Fortnite discontinued its loot box practices in 2019, revealing what users would be getting in the game’s Loot Llamas before purchase.

What Are the Risks and How to Protect Yourself

Scams, Phishing, and Malware: It is common for unethical hackers and criminals on the Internet to use personal data to create trustworthy phishing emails. The more information they possess, the more believable these emails look. For example, with the email addresses and specific details of user issues with the service such as in transactions and developer messages could allow bad actors to pose as game support and direct users to malicious websites where their credit card details can be stolen. With data on how much money has been spent per account, these conmen could target the highest-paying users, many of whom are children judging by their game history, time spent in game, circle of friends in-game, etc. and have an even higher chance of success than they would otherwise.

Corporate Espionage: With these emails, competing games could attempt to migrate or target users with advertising and email campaigns.

Unfortunately, the above list is not comprehensive, and cybercriminals are always generating new methods to exploit anyone vulnerable on the Internet. However, users have ways to protect themselves.

For future purposes, we recommend always inputting the bare minimum of information when making a purchase or setting up an account on the Internet. The less information you give hackers to work with, the less vulnerable you are to attack.

Though most email clients have methods to block spam and phishing attempts, they are not 100% effective. When receiving an unexpected email from a seemingly trustworthy source, do not open any attachments. Phishing emails often use scare tactics to force users to open the attachment. If you are ever unsure about an email from a trustworthy company, give them a call. This will usually let you verify whether the attachment is legitimate or not. A good antivirus program can also aid in protection from malware, trojans, and other dangers.

If you are a parent with a child who plays mobile games or games with predatory mechanics like loot boxes, it is recommended you do not give them access to your credit card. This will keep them safe from phishing scammers attempting to exploit them and you for profit. If your child wants to buy something from a game’s store, complete the process for them then delete your credit card information from your phone as soon as possible.

In cases of potential corporate espionage, companies should warn their clients of the breach as soon as possible to ensure their clients’ vigilance and safety.

Original post at: https://www.wizcase.com/blog/amt-games-leak/

About the author: Chase Williams

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, AMT Games)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

AMT Games Cybersecurity cybersecurity news data lea Hacking hacking news information security news Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 27, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55
Read more
Pierluigi Paganini July 27, 2025
Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 27, 2025

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT