Cybernews reports that Dungeon Crusher, a widely played RPG game, had its players' partial purchase data and in-game chats inadvertently leaked by a misconfigured Elasticsearch instance.Analysis conducted by the Cybernews research team found that 24.5 million records of in-game messages, including timestamps and message content, were leaked. Researchers also flagged that 151,000 of 198,000 leaked web purchase records include IP addresses, partial credit card numbers, email addresses, and purchase location information. Over 20,000 records that exposed transaction status and dates, payment currency, Steam identifiers, and order and item IDs were linked to in-game purchases. Roughly 65,500 purchase records made through mobile app stores were also exposed.The exposed Dungeon Crusher data was reportedly secured after researchers contacted the company but provided no comment on the leak. Researchers warned that the exposed data could be exploited for fraud, targeted phishing, identity theft, and other future attacks. The RPG game was developed by Towards Mars.
Data Security
Unsecured Elasticsearch database leaks Dungeon Crusher players’ purchase data

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



