Online Casino Group Leaked Information of Over 108 Million Bets and User Data

in dataleak •  6 years ago 


Security researcher Justine Paine discovered a data leak this week from an ElasticSearch server. The leak involved over 108 million bets and user data from an online casino group. Paine discovered the leak after finding the server which had been exposed online without a password.

Some of the domains that Paine spotted in the leaky server included kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, just to name a few.

Unsecured Server


Companies use ElasticSearch servers to improve web apps and search capabilities. These servers should be kept secure and remain offline because they often contain companies most sensitive data. This data is usually centred around customer transactions and other personal data from users.

Analyzing the URLs


Paine analyzed the URLs found on the server and concluded that all of them were from a large company or affiliate scheme. These URLs were used to operate multiple online casino betting portals.

This one server was holding a huge amount of data. All of the domains were running online casinos where bets were placed along with other games.

Domains Linked to One Location


Not all of the domains found were owned by the same company. However, they were all registered to the same building at an address in Limassol, Cyprus. All of the companies are also using the same eGaming licence issued by the same government in the Carribean. This suggests that they are all owned by the same umbrella company.

Exposed Data


User data contained in the server included home addresses, names, email addresses, and account balances. Paine also found that around 108 million records were exposed relating to wins, deposits, and withdrawals. This withdrawal data also included payment card details.

Not all financial details have been leaked. However, it has exposed personal details of people who won large sums of money.

The server is now offline, the company has not responded to any reports.

 

 


Posted from my blog with SteemPress : https://latesthackingnews.com/2019/01/22/online-casino-group-leaked-information-of-over-108-million-bets-and-user-data/

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.zdnet.com/article/online-casino-group-leaks-information-on-108-million-bets-including-user-details/

I don't know about storing Elasticsearch offline, but it certainly doesn't need to be publicly accessible. Especially without requiring authentication.

Unsecured AWS Buckets and Elasticsearch instances are creating too many headlines lately.