- Wahlap left open an Elasticsearch instance that exposes 18.9 million records linked to its WeChat mini-program ecosystem.
- The data included 6.6 million unique union IDs, 1.7 million phone numbers, and personal data that could enable targeted phishing and fraud.
- The file was locked after its disclosure, although there is no evidence that the exposed information was exfiltrated.
Wahlap, the Chinese video game maker, allegedly kept a huge user database open on the Internet, available to anyone who knew where to look, according to security researchers from cyber news have warned, putting personal information at risk.
Wahlap is one of the largest arcade game manufacturers in the world and works with some of the biggest names in the gaming industry, such as Sega or Timezone. It offers Wahlap WeChat mini programs, lightweight applications that run within the WeChat ecosystem.
For those who are not familiar with WeChat, it is one of the most popular mobile applications in the Chinese market. It’s primarily a chat app, but it offers all kinds of features, from instant payments to, apparently, light gaming. These features come in the form of mini apps displayed within WeChat, and Wahlap appears to have collected and stored the generated data in an open Elasticsearch instance.
Phishing and fraud risk
He cyber news The team divided the information into several categories: Wahlap member data, gaming behavior data, asset data, consumer snapshots, and other indices.
In total, 18.9 million records were exposed online, with Wahlap’s member data category being the largest by far. Weighing in at over 10GB, it contains 6.6 million unique union IDs, 1.7 million unique phone numbers, and 24,000 dates of birth and full names.
Researchers believe the data could have been used to profile Wahlap users and target them with highly personalized fraud and phishing attacks. “In addition, the logs contained data that revealed user IDs within the Wahlap ecosystem that referred to different available mini-programs, as well as registration dates for specific games,” said the cyber news the team said. This is precisely the type of information that threat actors can use to appear credible.
However, there is no evidence that the data has already been extracted.
cyber news He contacted Wahlap and, although he did not receive written confirmation or acknowledgment, he did notice that the file was locked shortly after.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
