Dungeon Crusher Players Hit by Massive Data Leak Due to Misconfigured Database
A misconfigured Elasticsearch instance exposed sensitive data belonging to players of Dungeon Crusher, a popular RPG game developed by Towards Mars. Cybernews researchers discovered the breach, which leaked 24.5 million in-game chat records, including timestamps and message content, alongside 198,000 web purchase records.
Of the exposed purchase data, 151,000 records contained IP addresses, partial credit card numbers, email addresses, and purchase locations, while 20,000 records revealed transaction details, payment currencies, Steam IDs, and order/item IDs. An additional 65,500 records tied to mobile app store purchases were also compromised.
The data was secured after researchers notified the company, though Towards Mars did not comment on the incident. Security experts warn that the exposed information could be weaponized for fraud, phishing, identity theft, and other cyberattacks. The breach underscores the risks of improperly configured databases in gaming and e-commerce platforms.
Towards Mars! cybersecurity rating report: https://www.rankiteo.com/company/towards-mars-
"id": "TOW1772160424",
"linkid": "towards-mars-",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Dungeon Crusher players',
'industry': 'Gaming',
'name': 'Towards Mars',
'type': 'Company'}],
'attack_vector': 'Misconfigured Database',
'data_breach': {'number_of_records_exposed': '24.5 million in-game chat '
'records, 198,000 web purchase '
'records, 65,500 mobile app '
'store purchase records',
'personally_identifiable_information': ['IP addresses',
'Partial credit card '
'numbers',
'Email addresses',
'Steam IDs'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['In-game chat records',
'Web purchase records',
'Mobile app store purchase '
'records']},
'description': 'A misconfigured Elasticsearch instance exposed sensitive data '
'belonging to players of *Dungeon Crusher*, a popular RPG game '
'developed by Towards Mars. The breach leaked 24.5 million '
'in-game chat records, including timestamps and message '
'content, alongside 198,000 web purchase records. The exposed '
'data included IP addresses, partial credit card numbers, '
'email addresses, purchase locations, transaction details, '
'payment currencies, Steam IDs, and order/item IDs. The data '
'was secured after researchers notified the company, though '
'Towards Mars did not comment on the incident. Security '
'experts warn that the exposed information could be weaponized '
'for fraud, phishing, identity theft, and other cyberattacks.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': '24.5 million in-game chat records, 198,000 '
'web purchase records',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Elasticsearch database'},
'lessons_learned': 'The breach underscores the risks of improperly configured '
'databases in gaming and e-commerce platforms.',
'post_incident_analysis': {'root_causes': 'Misconfigured Elasticsearch '
'instance'},
'references': [{'source': 'Cybernews'}],
'response': {'containment_measures': 'Database secured after notification',
'third_party_assistance': 'Cybernews researchers'},
'title': 'Dungeon Crusher Players Hit by Massive Data Leak Due to '
'Misconfigured Database',
'type': 'Data Breach',
'vulnerability_exploited': 'Misconfigured Elasticsearch instance'}