The Chinese global mobile app and mobile platform development firm Sungy Mobile, aka GOMO, may have leaked the data of over 50.5 million customers, most of whom are children. An open port allowed an independent researcher going by the pseudonym “Flash Gordon” to access the database through exposed IP addresses that required no login credentials. The researcher detected the flaw on May 25.
The apps developed by GOMO are very popular in China, especially among kids, with the company claiming more than 2 billion downloads. The exposed data included emails, bcrypt-hashed passwords, users' countries, avatars and purchases, as well as some information on US users such as emails, usernames, school, gender, date of birth and International Mobile Subscriber Identity (IMSI) number. Overall, some 100GB of decompressed data was exposed.
By the numbers, the exposed data contained 50,553,664 unique accounts, 47,415,210 unique devices, 4,379 distinct mobile numbers in accounts, 51,426,769 distinct email addresses in accounts, 48,255,172 profiles and 4 system users.
At the moment, it is not clear whether the affected customers have been informed about the vulnerability. According to a company statement provided to DataBreaches.net, the bug was caused by a misconfigured backup, as shown in the screenshot below.