Home > News content

Thunder snake data leak: affecting 1 billion game players

via:驱动之家     time:2020/9/25 18:08:04     readed:62

The headlight will flash when it is on! This is a lot of game enthusiasts on the thunder snake peripheral. As the main player in e-sports, its beautiful RGB color lighting effect has almost become a standard configuration, and even won the title of the first share of E-sports.

Recently, however, raptors have been labeled as data leaks.

Recently, according to foreign media reports, thunderbolt has mistakenly configured its cloud server, resulting in the disclosure of a large number of users' personal information. The leaked contents include the customer's name, telephone number, mail, delivery information, internal ID and delivery address. Security researchers say this could lead to the disclosure of the privacy of one billion game users.

What's more, the leaked data is not only open to the public, but also indexed by public search engines.

After that, thunder snake also issued an urgent apology statement:

The related problems have been fixed, which may expose the customer's order information and delivery information, but sensitive data such as credit card number or password are not exposed, and Raptor has also conducted a comprehensive review of IT security and systems.

Netizens are also very calm, said that there is no important content in the game account, there is no need to worry.


The whole story of data leakage


Bob immediately wrote an email to thunderbolt after discovering the incident, hoping to jointly deal with the problem. However, the thunder snake side did not report the risk to the relevant technical processing personnel. After Bob failed to communicate with various unrelated employees for three weeks, the cluster was publicly accessed.


It wasn't until September 12 that thunder snake officials replied to Bob on LinkedIn, saying that they had fixed the problem and made a comprehensive check on the system security. Snake also said that the leak only included order details, customer and transportation information, and did not involve credit cards, passwords and other privacy content.


At this time, nearly a month has passed since the data disclosure.

Frequent game data leaks

The thunder snake player data leakage incident, exposed the game related companies for user privacy data management deficiencies, and this data disclosure incident is not an isolated case.

Since April this year, users of the anonymous forum 4chan began to expose Nintendo's internal archive data irregularly, covering Nintendo's host operating system, art design and game source code.

"Super Mario", "Legend of Zelda", "baokemeng", "StarCraft Fox", "kinessen" and other game series development information are in the list of leakage.

At that time, it was analyzed that:

As for the mod makers and simulator developers of these old games, the leaked source code should be able to provide sufficient convenience for their work.

Furthermore, in October last year, the player information of FIFA 20 was leaked, involving more than 1600 players.

FIFA 20 is a sequel to the FIFA series produced and released by EA. When English football player George Hughes registered his account on the website, he found that when he submitted his personal information, the information of other players was displayed on the page, including personal information such as birthday, e-mail, etc.

What can leaked game data do?

So, what is the use of these leaked game data?

There are three main impacts

One is by purchasing user data, such as age, gender, income, etc. It can help the buyer to open the chart through specific software, with the details of the audience clearly recorded on the top.

In other words, the collection and analysis of player information can bring visible benefits to game development.

Take "CS: go" as an example, the buyer may count the winning rate and winning method of the police and bandits for each map. Who wins more? Is the way to end the fight by shooting, bombing or delaying? Then you use research to balance the map, or make new maps.

For another example, CS: go updated a new weapon named M4A1-S in 2013. As a result, the proportion of its use soared to one-third after five months, which convinced the authorities that the M4A1-S was too strong and needed to be weakened to a certain extent, or restricted by increasing prices.


The second is the classification of user behavior, which is often used in targeted advertising.

In January this year, taptap, a domestic game platform, received a large number of complaints and feedback from players, claiming that personal privacy had been leaked, and was frequently harassed by mobile game promoters by phone calls and text messages.

Some players said that because they filled in their mobile phone number when they made an appointment for "League of heroes mobile game" in taptap, they received a call to promote the mobile game the next day. Some players even said that as long as users registered with taptap, they would start to receive calls to promote the game.

In response, taptap's co-founder responded that after investigation, the harassed users were fans of all kinds of game content on the whole network.

In the process of report preparation, taptap found that there are some common characteristics of harassing calls / messages, such as accurate delivery of mobile game users, repeated dialing to the same number, robots calling, similar harassment patterns (calling first, sending SMS immediately after hanging up), and game contents promoted in SMS (mostly Online game download pages, and concentrated in certain games).

So, you know why you always get some weird text messages on your phone.

Third, through phishing mail fraud.

In the thunder snake leak. Security researchers remind users that criminals may use customer records to launch targeted phishing attacks, in which fraudsters will impersonate Raptors or related companies. Users should always pay attention to phishing links sent to their phone or email address.

Therefore, from this point of view, once data disclosure involves personal information privacy, there is no trivial matter.


China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments