Expert React: Battle For The Galaxy – 6 Million Gamers Hit By Data Leak

BACKGROUND:

A Chinese game developer has accidentally leaked nearly six million player profiles for the popular title Battle for the Galaxy after misconfiguring a cloud database. The WizCase research team discovered the exposed database, which contained 5.9 million player profiles, two million transactions, and 587,000 feedback messages.

Expert Comments

June 03, 2021
Trevor Morgan
Product Manager
comforte AG

It’s not all fun and games when a game developer of your favorite title accidentally leaks player profiles containing users’ sensitive PII. The perception that game profiles don’t contain much, if any, valuable information is incredibly faulty. The linkages that users set up—often using their social media account credentials to create gaming accounts and profiles—capture a much larger swath of usable information for threat actors, enabling the targeting of users who spend larger amounts of money on the game. Gamers need to be aware of the types of data they are giving to the game directly or through linking accounts, and they need to hold game developers and hosting companies accountable for protecting it.

On the other side of that coin, gaming organizations need to take data privacy much more seriously, building into their data infrastructures more than just the bare minimum level of security. Given that they collect potentially valuable data from users, their strategy should be data-centric, with an assumption that threat actors might try to get to this cache of information. When you protect the data itself, rather than the perimeters around it, with methods such as tokenization or format-preserving encryption, you obfuscate the sensitive parts and render it incomprehensible and useless to hackers. Better yet, data-centric security is not dependent on protected borders and travels with the data. These organizations need to level up their ability to thwart deliberate attacks or inadvertent leaks through a data-centric approach to protecting their customers’ user profiles and PII.

June 03, 2021
Tim Mackey
Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
Synopsys

With the prevalence of misconfigured databases, it’s clear that some teams lack the ability to confirm they are using a secure configuration for their production systems. There are a number of potential remedies, but one of the simplest is to define an exception-based update model for configuration settings. Under this model, an audit-level review of configuration data is performed to create a set of approved configuration settings and files. Any update to those previously approved settings then requires that same audit-level review for the changes, and current configuration is always validated against approved settings. While there are a number of technologies that can be used to implement exception-based updates, this is a case where a well-defined process with automated checks is far more valuable than the technology implementing the process.
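
One way the automated check in the exception-based model described above could look, as an added example that is not code from the commenter or from Synopsys. The setting names, values and the digest-at-sign-off step are assumptions constructed for illustration.

```python
import hashlib
import json
import sys


def digest(settings: dict) -> str:
    """SHA-256 over canonical JSON, recorded when reviewers sign off."""
    canonical = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def validate(current: dict, approved: dict, approved_digest: str) -> list:
    """Return every deviation from the approved baseline ([] = compliant)."""
    # The baseline itself must be the one that was reviewed; otherwise
    # editing the baseline file would silently "approve" any change.
    if digest(approved) != approved_digest:
        return ["baseline: approved settings do not match the reviewed digest"]
    findings = []
    for key in sorted(approved.keys() | current.keys()):
        if key not in current:
            findings.append(f"{key}: approved setting missing from running config")
        elif key not in approved:
            findings.append(f"{key}: value {current[key]!r} was never reviewed")
        elif current[key] != approved[key]:
            findings.append(
                f"{key}: running {current[key]!r}, approved {approved[key]!r}"
            )
    return findings


# Constructed sample data: hypothetical settings for a cloud database.
APPROVED = {"bind_address": "10.0.4.12", "require_auth": True, "tls": "required"}
APPROVED_DIGEST = digest(APPROVED)  # assumed to be stored apart from the config

# Constructed running config that drifted without going through review.
DRIFTED = {
    "bind_address": "0.0.0.0",
    "require_auth": False,
    "tls": "required",
    "debug_endpoint": True,
}

if __name__ == "__main__":
    results = validate(DRIFTED, APPROVED, APPROVED_DIGEST)
    for finding in results:
        print("UNAPPROVED:", finding)
    sys.exit(1 if results else 0)  # non-zero exit blocks the deployment step
```

Run on a schedule and in the deployment pipeline, a non-empty result is the "exception" that sends the change back for audit-level review.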
