"Mobile Game With 10M+ Downloads Spills Source Code, Endangers User Data"

Escalators, a popular mobile game available on Google Play Store and Apple's App Store, had its source code exposed on several hacker forums. The threat actor published a nearly 600 MB dataset of stolen data. The exposure of developers' intellectual property caused by source code leaks poses a significant security risk. Source code exposures can also enable attackers to examine the security vulnerabilities of apps and create more advanced attacks for later use. According to the Cybernews research team, the leaked information contains the Firebase URL and its key. Firebase is a platform for developing mobile apps that is mostly used for data storage. With the Firebase URL and key, an attacker could access confidential user data stored in the Firebase database, potentially leading to data theft or manipulation. Google and Apple in-app payment Application Programming Interface (API) keys have also been leaked. Although the API keys are obfuscated, the team discovered instructions for deobfuscating the data. Through access to the game's source code and in-app payment keys that enable the processing of in-app transactions, attackers can make unauthorized in-game purchases. This could result in financial losses and fraud for the company. This article continues to discuss the leak of data allegedly taken from the creators of the Escalators mobile game.

Cybernews reports "Mobile Game With 10M+ Downloads Spills Source Code, Endangers User Data"