A popular Android mobile role-playing game (RPG), Guidus, leaked data of some 100,000 users, according to a report by Cybernews.
(For insights on emerging themes at the intersection of technology, business, and policy, subscribe to our tech newsletter Today’s Cache.)
The data leak happened through unsecured access to Firebase, Google’s mobile application development platform which provides cloud-based database services.
The leak includes user game progress, which could lead to attackers deleting the data causing users to lose their progress without the ability to recover it.
Developers of the app had also left keys hardcoded into the user side which could allow cybercriminals to access sensitive data which could be used to target victims, the report shared.
Researchers also found that the app hardcoded data on the client side of the app making it vulnerable to further data leaks. The amount of data in the app’s firebase instance, however, was found to be so big that due to Google’s data transferring policies threat, actors could not acquire all the data.
Guidus currently has more than 100,000 downloads on the Google App store with a 4.2-star rating based on over 16,000 reviews.
Researchers at Cybernews also analysed over 33,000 Android apps and discovered that over 14,000 apps had Firebase URLs on their end with over 600 with links to open Firebase instances which could lead to cybercriminals gaining access to sensitive information by examining the public information of an app.
Apps that contained the most hardcoded data were found in health and fitness, education, tools, lifestyle, and business categories.