The California Office of the Attorney General disclosed a data breach affecting Survival Servers, LLC on June 7, 2022, stemming from an incident on June 4, 2022. The breach resulted from an improperly configured public policy rule, which inadvertently granted unauthorized access to a database backup. The exposed data included member usernames, email addresses, partial phone numbers, IP addresses, and game server-related information. While the breach did not involve highly sensitive financial or government-issued identifiers (e.g., Social Security numbers, credit card details), the exposure of personal contact details (emails, phone numbers) and IP addresses poses risks such as targeted phishing, spam, or account takeover attempts for affected users. The incident highlights vulnerabilities in access control configurations, particularly in cloud or backup storage systems, which could be exploited by threat actors for further malicious activities. No evidence suggests the data was actively exfiltrated for ransomware or large-scale fraud, but the unauthorized access alone constitutes a security failure with potential reputational and operational consequences for the company.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-554087
TPRM report: https://www.rankiteo.com/company/logicservers
"id": "log949082125",
"linkid": "logicservers",
"type": "Breach",
"date": "6/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Gaming Services / Hosting',
'location': 'California, USA',
'name': 'Survival Servers, LLC',
'type': 'Company'}],
'attack_vector': 'Improperly configured public policy rule',
'data_breach': {'file_types_exposed': ['database backup'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate (personally identifiable '
'information)',
'type_of_data_compromised': ['usernames',
'email addresses',
'phone numbers (some)',
'IP addresses',
'game server-related '
'information']},
'date_detected': '2022-06-04',
'date_publicly_disclosed': '2022-06-07',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Survival Servers, LLC on June 7, 2022. The '
'breach occurred on June 4, 2022, due to an improperly set '
'public policy rule allowing access to a database backup, '
'potentially affecting member usernames, email addresses, some '
'phone numbers, IP addresses, and game server-related '
'information.',
'impact': {'data_compromised': ['usernames',
'email addresses',
'phone numbers (some)',
'IP addresses',
'game server-related information'],
'systems_affected': ['database backup']},
'post_incident_analysis': {'root_causes': 'Improperly set public policy rule '
'allowing unauthorized access to a '
'database backup'},
'references': [{'date_accessed': '2022-06-07',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Data Breach at Survival Servers, LLC',
'type': 'Data Breach',
'vulnerability_exploited': 'Misconfigured database backup access'}