Leading Arcade Game Maker Discloses Nearly 19 Million User Records Through WeChat Mini App


  • Wahlap left an Elasticsearch instance open, exposing 18.9 million records related to its WeChat mini-program ecosystem.
  • The data included 6.6 million unique union identifiers, 1.7 million phone numbers and personal information that could enable targeted phishing and fraud.
  • The archives were locked after their disclosure, although there is no evidence that the exposed information was exfiltrated.

Wahlap, the Chinese arcade powerhouse, allegedly maintains a huge user database open on the Internet, accessible to anyone who knows where to look, security researchers at Cybernews have warned, putting personal information at risk.

Wahlap is one of the largest arcade manufacturers in the world, working with some of the biggest names in the video game industry, such as Sega and Timezone. It offers Wahlap WeChat mini-programs, lightweight applications that run within the WeChat ecosystem.

For those unfamiliar with WeChat, it is one of the most popular mobile apps in the Chinese market. It’s primarily a chat app, but it offers all kinds of features, from instant payments to seemingly light gaming. These features come in the form of mini-apps displayed in WeChat, and Wahlap appears to have collected and stored the generated data in an open Elasticsearch instance.

Risk of phishing and fraud

The Cybernews team divided the information into several categories: Wahlap member data, gaming behavior data, asset data, consumer snapshots, and other indices.

In total, 18.9 million records were exposed online, with Wahlap’s member data category being by far the largest. Weighing over 10 GB, it contains 6.6 million unique union IDs, 1.7 million unique phone numbers and 24,000 dates of birth and full names.

Researchers believe the data could have been used to profile Wahlap users and target them with highly personalized phishing attacks and fraud. “Additionally, the recordings contained data revealing user identifiers within the Wahlap ecosystem referencing different mini-programs available as well as registration dates for specific games,” the Cybernews team said. This is precisely the kind of information that threat actors can use to appear credible.

However, there is no evidence that the data has ever been exfiltrated.


Cybernews contacted Wahlap and, although it did not receive confirmation or written acknowledgment, it noticed that the archives were locked shortly afterward.





Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). During his career, which spans more than a decade, he has written for numerous media outlets, including Al Jazeera Balkans. He has also hosted several modules on content writing for Represent Communications.
