66,000 Gamers Exposed due to Cloud Misconfiguration

January 28, 2021 admin OSINT, Security, threatintel

Click the icon to Follow me:-

VIPGames.com, a free platform with a sum of 56 accessible classic board and games like Hearts, Crazy Eights, Euchre, Dominoes, Backgammon, and others, has uncovered the personal data of tens of thousands of users.

AMD Ryzen 9 3900X 12-core, 24-thread unlocked desktop processor with Wraith Prism LED Cooler $484.00

The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 12 cores and 24 processing threads, bundled with the AMD Wraith Prism cooler with color controlled LED ... read more

(as of February 28, 2021 - )

AMD Ryzen 5 5600X 6-core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler ~~$389.99~~ $377.10

AMD's fastest 6 core processor for mainstream desktop, with 12 processing threads Can deliver elite 100+ FPS performance in the world's most popular games Bundled with the quiet, capable AMD Wraith Stealth cooler 4.6 GHz Max Boost, unlocked for overc... read more

(as of February 28, 2021 - )

AMD Ryzen 5 2600 Processor with Wraith Stealth Cooler - YD2600BBAFBOX ~~$199.00~~ $189.99

System ram type: DDR4_sdram

(as of February 28, 2021 - )

A research group at WizCase found the wide-open server, with zero encryption and no password protection, through a straightforward search. It was traced back to VIPGames.com, a mainstream free-to-play card and table game platform with 100,000 Google Play downloads and about 20,000 active daily players globally.

“Online gaming brings together user personal information, transaction details, and gaming habits. This fusion of confidential information creates a lucrative environment for cybercriminals to exploit,” the WizCase report clarified. “Gaming platforms routinely experience multiple attacks from hackers, sabotage from competing platforms, intra-platform attacks by players targeting the Internet connections of rival users, and more.” In this situation, over 30GB of information was leaked in the security snafu, including 23 million records. In this trove, the researchers selected 66,000 client profiles including usernames, emails, device details, IP addresses, hashed passwords, Facebook, Twitter, and Google IDs, in-game transaction details, bets, and details about restricted players.

The passwords were hashed utilizing the Bcrypt algorithm utilizing 10 rounds which, while tedious, isn’t incomprehensible for a determined attacker to break, WizCase contended. These could then be utilized to attempt to open different sites and accounts utilized by the same gamers. The firm cautioned that if a threat actor had found the exposed data, they might have created persuading phishing assaults by email or telephone, utilizing the extensive personal information in these profiles.

WizCase said if a client was prohibited for exhibitionism, somebody who knows their email address or social media accounts could threaten to uncover them. Additionally, given bans are ultimately at the arbitrators’ caution, a restricted player’s very own reputation might be destroyed if the allegation was without merit.

For clients, experts concur basic prescribed procedures for online security is consistently a smart thought — be cautious about what you share, try not to tap on dubious messages or interfaces and proper password hygiene is important, WizCase exhorted. The firm additionally proposed utilizing a VPN service to keep location data secure and install good antivirus software while the industry struggles to keep up.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.