Supersonic Studios LTD

Supersonic Studios LTD, also known by the alias Creators of Escalators, is a mobile game developer that creates and publishes games for smartphones and tablets. One of its titles has achieved over 10 million downloads across major app stores, indicating a substantial global reach. The studio employs backend services such as Firebase to support real‑time game functionality and data storage. It integrates payment application programming interfaces to enable in‑app purchases and monetisation of its games. Its specialization lies in delivering casual mobile gaming experiences that combine engaging gameplay with integrated revenue mechanisms. The organisation operates as an independent limited company under the formal name Supersonic Studios LTD. No explicit information about parent or subsidiary relationships is provided in the source material. The studio’s notable competency includes managing large‑scale user bases and handling real‑time data streams from millions of active players. Its technical approach reflects a focus on scalable cloud‑based infrastructure and secure transaction processing for a mobile‑first audience.

On November 1, 2022, Supersonic Studios LTD experienced a security breach in which attackers leaked the source code of one of its mobile games. The leaked source code contained hard‑coded Firebase credentials that could be used to access the game’s backend database. Additionally, the source code included obfuscated payment API keys associated with the game’s in‑app purchase system. Exposure of the Firebase credentials risked unauthorized database access, potentially allowing attackers to read or modify user data. Deobfuscation of the payment API keys could enable financial fraud by facilitating illegitimate transaction generation. The breach also compromised purchase tokens, which could be reused to fraudulently obtain virtual goods or services. User identifiers embedded in the source code were exposed, increasing the risk of identity‑linked attacks. The incident threatened the studio’s intellectual property, as the source code revealed proprietary game logic and design. The event was reported by CyberNews, which highlighted the potential impact on both user privacy and the studio’s revenue streams. No further details about the attack vector or remediation efforts are provided in the available sources.