An image of a water tap on a blue background showcasing an Android Game Developer's Google Drive blunder.

Imagine if you could accidentally expose the sensitive information of nearly one million people just by making a simple mistake on Google Drive. Sounds terrifying, right? Well, it happened to Japanese game developer Ateam. The company inadvertently exposed data for almost one million individuals over a period of six years and eight months due to a Google Drive configuration error.

Ateam, known for creating mobile games like War of Legions, Dark Summoner, and Hatsune Miku – Tap Wonder, informed users earlier this month that it had discovered the incorrect Google Drive setting on November 21, 2023. The instance was set to “Anyone on the internet with the link can view” since March 2017.

The error resulted in the exposure of 1,369 files containing personal information for Ateam customers, business partners, former and current employees, and even interns and job applicants. A total of 935,779 individuals had their data exposed, with 98.9% being customers. For Ateam Entertainment specifically, 735,710 people were affected.

The exposed data varies depending on each individual’s relationship with the company, but may include:

  • Full names
  • Email addresses
  • Phone numbers
  • Customer management numbers
  • Terminal (device) identification numbers

Ateam has confirmed that there is no concrete evidence of cybercriminals stealing the exposed information. However, they urge everyone to remain vigilant for unsolicited and suspicious communications.

Why You Need to Secure Your Cloud Services

Setting Google Drive to “Anyone with the link can view” is typically reserved for collaboration between people working with non-sensitive data. It’s only viewable to those with the exact URL, but if an employee or someone else with the link mistakenly exposes it publicly, it could get indexed by search engines and become broadly accessible.

While it’s unlikely that anyone discovered the exposed Google Drive URL on their own, this incident highlights the importance of properly securing cloud services to prevent data from being accidentally exposed.

Unfortunately, exposed cloud services like databases and storage buckets are commonly found by both researchers and cybercriminals. If researchers find the data, they usually disclose it responsibly. However, if cybercriminals get their hands on it, they may extort companies or sell the data to other hackers for use in their own attacks.

For example, in 2017, security researcher Chris Vickery discovered misconfigured Amazon S3 buckets exposing databases containing 1.8 billion social and forum posts made by users worldwide. Just ten days later, he found another misconfigured S3 bucket that exposed what appeared to be classified information from INSCOM.

These types of breaches have become a significant issue, prompting researchers to release tools that scan for exposed buckets. The US Cybersecurity and Infrastructure Security Agency (CISA) has also released guidance on how to properly secure cloud services.

Don’t Let This Happen to Your Business

As a business owner, it’s crucial to take cloud security seriously. A single mistake can lead to a significant data breach, which can damage your reputation and result in financial loss.

At ZZ Servers, we understand how critical securing your cloud services is, and we’re here to help. Our team of experts can guide you through the process of properly securing your cloud services, ensuring your sensitive data stays protected. Don’t wait for an incident like Ateam’s to happen to you. Contact us today to learn how we can assist you in keeping your cloud services safe and secure.