Millions of Magic Rampage players could be facing a potential security threat following about a data breach that has stemmed from a vulnerability within the misconfigured cloud storage.
Asantee Games, an independent game development company known for its commitment to quality, is the creative force behind popular titles like Magic Rampage, Magic Portals, Hit The Gator, and Bee Avenger.
The Cyber Express has reached out to Asantee Games for clarification regarding the alleged Magic Rampage data breach. In response to the breach, the organization confirmed the existence of a vulnerability, sating that the flaw was “identified a few weeks ago and was promptly addressed within a few hours of its discovery”
Magic Rampage Data Breach Stemmed from a Vulnerability
The Magic Rampage breach at Asantee Games appears to stem from a misconfiguration within MongoDB, a popular document-oriented database platform. This oversight left the company’s data repository devoid of password protection, rendering data from the organization accessible to the public for a short amount of time. A spokesperson for Asantee Games confirmed that the vulnerability was identified and contained a few weeks ago.
In a statement shared with TCE, Asantee Games, stated that “our team took immediate action to secure our systems and further strengthen our database security to prevent such occurrences in the future. It is important to note that no other critical personal data was compromised. We do not store sensitive information such as names, birth dates, or addresses, hence minimizing the potential impact on our users.”
Moreover, MongoDB itself acknowledged a security incident on December 13, 2023, indicating unauthorized access to certain corporate systems. Investigations subsequently revealed that the breach was the result of a successful phishing attack.
Fortunately, it appears that the breach did not compromise data stored within MongoDB Atlas, the company’s fully managed cloud database service. Nonetheless, the incident affected other organizations using MongoDB for operations.
The MongoDB Data Breach and Cyberattacks on the Gaming Industry
The MongoDB data breach was contained as the company activated its incident response plan, however, the repercussions of the breach are still visible on the market — with the latest example being the Magic Rampage data leak.
Moreover, the access to the Magic Rampage database was secured in a few hours. The leaked data, however, reportedly includes players’ usernames, emails, device information, statistics, and admin credentials with encrypted passwords. Detailed logs reveal various categories of information, including prize counts, storage sizes, and timestamps, providing insights into the scope of the breach. However, the organization denies the involvement of any user data being compromised in this breach.
Furthermore, the gaming industry at large faces persistent threats from hackers and ransomware groups, as evidenced by the recent breach affecting Void Interactive, developers of Ready or Not. With over 4TB of data allegedly stolen, including millions of files, the incident highlights the ongoing challenges posed by cybersecurity vulnerabilities.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
