Young man playing a mobile game, sitting forward on a couch in a living room

One million Android gamers at risk following data breach

Recently published research from vpnMentor has revealed that over one million Android gamers are at risk following a significant data breach.

The breach in question involves Chinese game developer EskyFun, responsible for a range of hugely popular mobile games, including Dynasty Heroes: Legends of Samkok and Rainbow Story: Fantasy MMORPG.

What happened in the EskyFun breach?

Unlike some recent gaming-related data breaches, including those suffered by Electronic Arts (EA) this year , the EskyFun breach hasn’t directly impacted the company’s ability to develop games or players’ ability to enjoy them.

Instead, this breach has seen hackers gain access to an unsecured server where EskyFun stored a vast catalogue of data collected from users who play their games. It has been reported that the data breach included sensitive data, leaving affected users at risk of being a victim of fraud, hacking, or the target of a ransomware attack. The server in question reportedly contained over 134GB of data and over 365 million data records.

Questions being asked following EskyFun breach

Microtransactions are an increasingly vital pillar of the gaming experience for many. Given that these microtransactions include sharing credit card details, it is unsurprising gamers and game developers are an increasingly frequent target for cybercriminals.

However, there will still be questions asked of EskyFun, despite it being unlikely that gamers outside of China will be able to pursue action against the company.

The questions EskyFun will need to answer include:

  • Why was an unsecured server being used to store sensitive user data?
  • Why was a lot of the data being collected when there was no real reason for doing so?
  • Do players know how data is collected and what specific data is collected?
  • With which parties has data been shared?

Any local investigation is also likely to focus on the action taken by EskyFun. vpnMentor reported they immediately informed EskyFun of the breach after discovering it back in July. Yet, it was only when vpnMentor contacted the Hong Kong Computer Emergency Response Team a few weeks later, having received no response from EskyFun, that the issue was addressed.

What you can do if you play EskyFun games

Ultimately, you’ll probably have no idea whether your data was included in the data breach unless something negative happens. Your email account will likely filter out any attempted phishing or ransomware attacks, too, so you might not even know if it does.

The best thing to do in general is to check your devices, whatever games you play, and check your data sharing permissions. Mobile games, particularly on the Android platform, are somewhat notorious for the data they collect and how they go about it, so you might even want to consider how you play mobile games in future to minimise your risk of being involved in a breach.

Do you know when your data is being collected and how it is used?

If your data is collected, stored, shared, distributed, or accessed without your permission, you could be entitled to compensation. Not all data breaches involve cybercrime and data theft, or financial loss. However, this doesn’t detract from their seriousness.

If you’re concerned about how a gaming company or any other business collects and uses your data, and you believe your data or privacy has been put at risk, you may have grounds for a data breach claim.

Contact us today for a FREE, no-obligation assessment of your potential data breach claim.