Android role-playing game Guidus leaks data of 100,000 users: Report 

A data leak from Guidus, an Android role-playing game included user’s game progress and could lead to threat actors accessing sensitive information 

January 27, 2023 01:41 pm | Updated 01:41 pm IST

The data leak in Guidus (RPG) game app happened through unsecured access to Firebase.

The data leak in Guidus (RPG) game app happened through unsecured access to Firebase. | Photo Credit: AP

A popular Android mobile role-playing game (RPG), Guidus, leaked data of some 100,000 users, according to a report by Cybernews.

(For insights on emerging themes at the intersection of technology, business, and policy, subscribe to our tech newsletter Today’s Cache.)

The data leak happened through unsecured access to Firebase, Google’s mobile application development platform which provides cloud-based database services.

The leak includes user game progress, which could lead to attackers deleting the data causing users to lose their progress without the ability to recover it.

Data leak in Guidus Android app could allow attackers to access sensitive user information.

Data leak in Guidus Android app could allow attackers to access sensitive user information. | Photo Credit: Special Arrangement

Developers of the app had also left keys hardcoded into the user side which could allow cybercriminals to access sensitive data which could be used to target victims, the report shared.

Researchers also found that the app hardcoded data on the client side of the app making it vulnerable to further data leaks. The amount of data in the app’s firebase instance, however, was found to be so big that due to Google’s data transferring policies threat, actors could not acquire all the data.

Guidus currently has more than 100,000 downloads on the Google App store with a 4.2-star rating based on over 16,000 reviews.

Researchers at Cybernews also analysed over 33,000 Android apps and discovered that over 14,000 apps had Firebase URLs on their end with over 600 with links to open Firebase instances which could lead to cybercriminals gaining access to sensitive information by examining the public information of an app.

Apps that contained the most hardcoded data were found in health and fitness, education, tools, lifestyle, and business categories.

Top News Today

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.