The data of almost 19 million users of slot machines were publicly available.
Wahlas slot machines could become a source of large data leakage. In the public domain were almost 19 million records with names, phone numbers, dates of birth, WeChat identifiers and information about what users played and where the machines were running.
China’s Wahlap is considered one of the largest manufacturers of arcade machines in the world. The company collaborates with Sega, Warehouse of Games, Timezone and other gaming networks. According to Cybernews, on March 19, experts found three open servers of Wahlap, on which the Elasticsearch cluster worked. Access to data remained open at least until May 18, 2026, after which the cluster was closed.
In total, 18.9 million records were found on the network. Among them were data from Wahlap members, information about their game activity, coupons, applications and system journals. The largest section occupied more than 10 GB and contained almost 7.9 million records of users. It contained 6.6 million unique Union IDs, 1.7 million unique phone numbers, as well as 24 000 birth dates and full names.
Union ID is a regular user identifier in the WeChat ecosystem. The identifier allows developers to recognize the same person in different mini-applications, official accounts and mobile applications. Experts believe that the data could have leaked through the mini-application of Wahlap inside WeChat, which were probably used to pay for games.
Of particular concern is the part of the data on minors. The open records found about 3800 profiles of children and adolescents with personal information, including names, dates of birth and geodata.
A separate array described the game behavior of users. 1.3 million records included information about their favorite places, the last slot machines visited, the frequency of launches of individual games and overall activity. Almost 2 million records were related to coupons and other digital assets of users.
Experts did not find evidence that the attackers have already used the base. But such open servers regularly scan automatic programs that search for and copy available data. Such a set of information helps to compile accurate profiles of people, select convincing phishing messages and use social engineering techniques. The presence of geodata also increases the risk of surveillance and harassment of users.
Wahlas slot machines could become a source of large data leakage. In the public domain were almost 19 million records with names, phone numbers, dates of birth, WeChat identifiers and information about what users played and where the machines were running.
China’s Wahlap is considered one of the largest manufacturers of arcade machines in the world. The company collaborates with Sega, Warehouse of Games, Timezone and other gaming networks. According to Cybernews, on March 19, experts found three open servers of Wahlap, on which the Elasticsearch cluster worked. Access to data remained open at least until May 18, 2026, after which the cluster was closed.
In total, 18.9 million records were found on the network. Among them were data from Wahlap members, information about their game activity, coupons, applications and system journals. The largest section occupied more than 10 GB and contained almost 7.9 million records of users. It contained 6.6 million unique Union IDs, 1.7 million unique phone numbers, as well as 24 000 birth dates and full names.
Union ID is a regular user identifier in the WeChat ecosystem. The identifier allows developers to recognize the same person in different mini-applications, official accounts and mobile applications. Experts believe that the data could have leaked through the mini-application of Wahlap inside WeChat, which were probably used to pay for games.
Of particular concern is the part of the data on minors. The open records found about 3800 profiles of children and adolescents with personal information, including names, dates of birth and geodata.
A separate array described the game behavior of users. 1.3 million records included information about their favorite places, the last slot machines visited, the frequency of launches of individual games and overall activity. Almost 2 million records were related to coupons and other digital assets of users.
Experts did not find evidence that the attackers have already used the base. But such open servers regularly scan automatic programs that search for and copy available data. Such a set of information helps to compile accurate profiles of people, select convincing phishing messages and use social engineering techniques. The presence of geodata also increases the risk of surveillance and harassment of users.
