ADVERTISEMENT

Gamers’ credit cards at risk after popular RPG Dungeon Crusher exposes data

A hit RPG game has accidentally exposed something far more valuable than loot. A misconfiguration in the game’s infrastructure left players’ purchase data accessible to anyone on the internet.

rpg dungeon crusher game just exposed players credit cards

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Feb 25, 2026 Updated: 25 February 2026 2 min read
steam_purchase
Leaked in-game purchase through Steam. Screenshot by Cybernews
web_purchase
Leaked in-game purchase through the web. Screenshot by Cybernews

What data was leaked?

  • Partial credit card numbers
  • User email addresses
  • IP addresses
  • GeoIP data, including city, district, and precise geographic coordinates of the purchase location

Messages, locations, and transactions leaked

ADVERTISEMENT
chat_message
Leaked in-game chat message. Screenshot by Cybernews
  • Steam identifiers (some in the 17-digit SteamID64 format, others in the older 10-digit identifiers)
  • Transaction dates
  • Payment currency
  • Order and item IDs
  • Transaction status
  • Google Play order IDs in the GPA format
  • Country codes and related metadata

Why should we care?

Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

Disclosure Timeline


ADVERTISEMENT