Ransomware

Magic Rampage Data Breach Links To A Now-Fixed Vulnerability

The Magic Rampage breach at Asantee Games appears to stem from a misconfiguration within MongoDB, a popular document-oriented database platform.

by Ashish Khaitan April 18, 2024 in Cybersecurity News, Data Breach News, Firewall Daily Reading Time: 3 mins read 0

586 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

Millions of Magic Rampage players could be facing a potential security threat following about a data breach that has stemmed from a vulnerability within the misconfigured cloud storage.

Asantee Games, an independent game development company known for its commitment to quality, is the creative force behind popular titles like Magic Rampage, Magic Portals, Hit The Gator, and Bee Avenger.

The Cyber Express has reached out to Asantee Games for clarification regarding the alleged . In response to the breach, the organization confirmed the existence of a vulnerability, sating that the flaw was “identified a few weeks ago and was promptly addressed within a few hours of its discovery”

Magic Rampage Data Breach Stemmed from a Vulnerability 

The Magic Rampage breach at Asantee Games appears to stem from a misconfiguration within MongoDB, a popular document-oriented database platform. This oversight left the company's data repository devoid of password protection, rendering data from the organization accessible to the public for a short amount of time. A spokesperson for Asantee Games confirmed that the vulnerability was identified and contained a few weeks ago. 

In a statement shared with TCE, Asantee Games, stated that “our team took immediate action to secure our systems and further strengthen our database security to prevent such occurrences in the future. It is important to note that no other critical personal data was compromised. We do not store sensitive information such as names, birth dates, or addresses, hence minimizing the potential impact on our users.”

Moreover, MongoDB itself acknowledged a security incident on December 13, 2023, indicating unauthorized access to certain corporate systems. Investigations subsequently revealed that the breach was the result of a successful phishing attack.

Fortunately, it appears that the breach did not compromise data stored within MongoDB Atlas, the company's fully managed cloud database service. Nonetheless, the incident affected other organizations using MongoDB for operations. 

The MongoDB Data Breach and Cyberattacks on the Gaming Industry 

The was contained as the company activated its incident response plan, however, the repercussions of the breach are still visible on the market — with the latest example being the

Moreover, the access to the Magic Rampage database was secured in a few hours. The leaked data, however, reportedly includes players' usernames, emails, device information, statistics, and admin credentials with encrypted passwords. Detailed logs reveal various categories of information, including prize counts, storage sizes, and timestamps, providing insights into the scope of the breach. However, the organization denies the involvement of any user data being compromised in this breach.

Furthermore, the gaming industry at large faces persistent threats from hackers and ransomware groups, as evidenced by the recent breach affecting Void Interactive, developers of Ready or Not. With over 4TB of data allegedly stolen, including millions of files, the incident highlights the ongoing challenges posed by cybersecurity vulnerabilities.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button