Mobile Gaming or Mobile Thieving?

October 10, 2019
online game databreach thieving mobile app

Smartphone players often rely but get frustrated with the free mobile gaming mechanism, making them wait for a long period of time to advance and unlock some of it’s features. With this in mind, players end up finding ways to progress into the game.

Now this is where the hackers come in. Popular mobile games such as Fortnite, Mario Legends, PUBG and SuperCell games – are just a few of the games being used by these cyber attackers to launder money.

These Mobile games alone have over 200-300 million users, which translates to about US $300 million USD every year. The number of users and the amount of money they produce are more than enough reason for cyber criminals to step in and do their magic.

According to a recent report by cyber security experts from a German Cyber Security Company, it was June when they first came across the money-laundering incident. It was when they examined an unsecured MongoDB database.

This database was publicly available and accessible even without a password. The records on the database contain more than 20,000 credit card details and purchases ranging from April to late June 2018.

Nonetheless, the experts were able to deduce that they are not just dealing with any company or business being all careless with their data. The entire database belongs to Carders (credit card thieves).

This is not just your average identity theft or malware attack, this is something else entirely.

These thieves had just created a state of the art automated mechanism for generating fake Apple ID and Google Play accounts with the stolen credit card information and randomly buying the in-game virtual currencies, including power-ups, gems and other valuable game items. These virtual goodies can be sold online to other players on third-party markets and makeshift game stores.

They maintain their value after purchase, that’s how they’re designed. The games themselves can be bought and transferred from one account to another. In other words, these criminals are making money by exchanging the credit card-bought items for actual money.


Due to these events, Mobile Gaming developers like Supercell, have already warned its users not to be fooled by these scams and to make sure they secure their personal accounts, especially their Apple and Google Play credentials.


They’ve also stressed the consequences of providing their private information to third-parties, placing their games and personal details at risk. Any violation of their in-game policies will directly result to being banned permanently and their purchases forfeited.

Truth be told, there’s lots of things that we can do to prevent these kinds of cyber attacks via mobile games. Apple and Google could take additional steps to ensure that data from their users are more secure, especially during account creation.

App stores and developers could also improve their policies to expose and fend off abusers. But honestly, if not for these criminals’ carelessness with their database, we probably wouldn’t have found out about this attack. Still, consider yourself informed.


About the author

Leave a Reply