An Android Video Game With 1 Million Downloads Compromised Users’ Personal Information - 1

An Android Video Game With 1 Million Downloads Compromised Users’ Personal Information

  • Written by Ari Denial Cybersecurity & Tech Writer

Tap Busters: Bounty Hunters, a well-known mobile game, has exposed users’ confidential data.

In Google Play Store, Tap Busters: Bounty Hunters has been downloaded more than one million times and has a 4.5-star rating based on more than 45k reviews. In gameplay, players become bounty hunters looking to dominate the galaxy by defeating villains and gathering loot as they go through alien worlds.

Cybernews researched and discovered that Tap Busters: Bounty Hunters kept their database open for public access for at least five months, exposing users’ private conversations. In addition, sensitive data had been hardcoded into the client side, exposing it to further breaches.

The 349MB sized unprotected database includes usernames, user ids, timestamps, and private messages. The user’s private messages could have been permanently lost if the leaked data had not been backed up and a hacker had chosen to delete it. The developers left sensitive information hardcoded in the application’s client side along with an open Firebase instance. Here are the keys that were found:

  • fir ebase_database_url
  • gcm_defaultSenderId
  • Google_app_id
  • Google_storage_bucket
  • Google_crash_reporting_api_key
  • Default_web_client_id
  • Google_api_key

Tilting Point, the game’s developer, owns multiple successful titles with a large user base. Some of these have racked up over five million downloads. Once they were notified of the data breach, they neglected to shut down public access to the database.

According to Cybernews, “The app developers did not reply to Cybernews questions about the duration of the instance’s public accessibility or the possibility that malicious actors might exploit hardcoded secrets, resulting in sensitive data breaches.”

News Heading - 2

Sharp.Com Has Acknowledged a Security Breach Involving the Personal Data of Their Patients

  • Written by Ari Denial Cybersecurity & Tech Writer

A San-Diego based Healthcare Provider, Sharp, has started notifying their 63,000 registered patients about a data breach that compromised their personal information.

Information such as patients’ names, invoice numbers, identification numbers, and transaction amounts were exposed in the file, but payment card details, Social Security Numbers, contact details, health insurance, and other extremely sensitive information were not exposed. There has been no indication of the illegal use of stolen information.

Sharp clarified that an attack targeted their website, but thankfully their “FollowMyHealth” patient portal was not affected. However, customers who paid their bills via the provider’s online payment service between August 12th, 2021, to January 12th, 2023, have been affected.

It will no doubt come as a surprise to those concerned, but the Sharp incident is not as serious as two other recent healthcare data breaches which impacted Scripps Health and UC San Diego Health.

At the start of 2021, UCSD informed approximately 500,000 affected patients that they had suffered a phishing attack in 2020 and the beginning of 2021. This attack may have exposed details such as addresses and dates of birth, prescription info, and even Social Security Numbers.

Sharp started sending out emails to customers affected by the issue. “We recommend that affected individuals review statements they receive from their healthcare providers. If they see charges for services they did not receive, they should contact the provider immediately,” suggested in the email.

The company has also created a toll-free helpline at (833) 753-3819 to answer customers’ questions. The helpline is available from 6 AM to 6 PM on weekdays.