Critical Vulnerabilities In Gameloft Exposing Millions Of Phone Numbers

Gameloft, the popular game developer behind Asphalt 8, Modern Combat 4, Gangstar Vegas and other titles, is exposing the phone numbers of millions of users (approx. 10 million). According to the researcher, Gameloft.com is not only exposing phone numbers but also putting its users at risk of exploitation via cross-site scripting.

Security expert Aria Akhavan has found several SQL injection and cross-site scripting vulnerabilities in Gameloft.com that allow an attacker to steal phone numbers and user sessions.

He tried to report the vulnerabilities to Gameloft via email and telephone. After several failed attempts, he contacted Effect Hacking.

Akhavan told Effect Hacking, "With this SQL Injection, an attacker can fully take down the server of gameloft.com."

"It is a shame that Gameloft doesn't have an official e-mail address where Security Researchers can report anything to them. Also, they should update the phone numbers on their website since people should be able to call for urgent matters," he added.

If you want to help Gameloft, share this article with Gameloft's Twitter account and let them know about it.

You can contact Aria Akhavan at https://websec-test.com.
