Online casinos expose users’ information

Data processed by an online betting group is exposed; compromised files include more than 100 million user records, along with their bets and earnings

Dozens, even hundreds, of reports about data security incidents that
compromise the personal information of millions of people appear daily.
According to experts in network security and ethical hacking from the
International Institute of Cyber Security, the most recent victim of a massive
data leak is an online casino, which has leaked information related to more
than 100 million operations in the casino, including the gamblers’ personal
information.

Among the information leaked, according to experts in network security, there
are:

  • Users’ actual names
  • Email addresses
  • Dates of birth
  • Login information, used games, bets, deposits and withdrawals
  • Payment card details

Early investigations into the incident indicate that the leaked data was
stored on an ElasticSearch server exposed online without the necessary
security measures.

ElasticSearch implementations are usually installed in organizations’
internal networks, although a poorly configured system can be exposed online,
commented the network security specialists. Justin Paine, a cybersecurity
researcher, found the leaked data after detecting this misconfigured ElasticSearch
instance.

Paine believes that these data come from multiple web domains: “Although
only one server was discovered, this ElasticSearch instance contained a large
amount of information, probably added from multiple sites,” commented the
expert.

“After analyzing the URLs detected on the server, we concluded that all
domains hosted online casinos where users could bet on card games, virtual
slots and other betting games.” All domains analyzed (kahunacasino.com, azur-casino.com, easybet.com and
viproomcasino.net) belong to online casinos.

All the companies involved in this incident are located in the same building
in Cyprus. They also operate under the same electronic gambling license
issued by the Government of Curaçao, which leads researchers to suppose that all
these sites are operated by the same entity.

According to the expert, the file did not host complete financial
information, but only a few details. However, he also highlights that the
leaked data includes the information of players who have earned considerable
sums on these sites, which could be used in spam campaigns or even extortion,
so potentially compromised users must remain alert to any sign of a cyber
attack.
