- Wahlap left an Elasticsearch instance open that revealed 18.9 million records linked to its WeChat widget ecosystem
- Data included 6.6 million unique Union IDs, 1.7 million phone numbers and personal information that could enable targeted phishing and fraud
- The archive was locked down after the disclosure, although there is no evidence that the exposed information was exfiltrated
Chinese arcade manufacturer Wahlap allegedly kept a huge user database open on the Internet, available to anyone who knew where to look, security researchers from Cyber news has warned, putting personal information at risk.
Wahlap is one of the largest arcade manufacturers in the world and works with some of the biggest names in the gaming industry, such as Sega or Timezone. It offers Wahlap WeChat widgets, lightweight applications that run inside the WeChat ecosystem.
For those who are not familiar with WeChat, it is one of the most popular mobile apps in the Chinese market. It’s primarily a chat app, but offers all sorts of features from instant payments to, apparently, lightweight gaming. These features come in the form of mini-apps that appear in WeChat, and Wahlap appears to have collected and stored the generated data in an open Elasticsearch instance.
Risk of phishing and fraud
The Cyber news the team divides the information into several categories: Wahlap member data, gaming behavior data, asset data, consumer snapshots and other indexes.
A total of 18.9 million records were exposed online, with the Wahlap member data category being by far the largest. Weighing in at over 10GB, it contains 6.6 million unique Union IDs, 1.7 million unique phone numbers and 24,000 birth dates and full names.
The researchers believe the data could have been used to profile Wahlap users and target them with highly personalized phishing attacks and scams. “Additionally, the records contained data revealing user IDs in the Wahlap ecosystem that refer to various widgets available as well as registration dates for specific games,” Cyber news said team. This is exactly the kind of information that threat actors can use to sound credible.
However, there is no evidence that the data had already been exfiltrated.
Cyber news reached out to Wahlap, and while it did not receive a written acknowledgment or confirmation, it noted that the archive was locked down soon after.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
