Industry News
Security lapse exposes 100 million plus bets

In a massive security breach, information about 108 million bets and user details stored in the server of an online casino group has been leaked.
Apart from personal information, payment card details, including real names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, last login information, and a list of played games, deposits, and withdrawals, have also been leaked.
According to ZDNet, that first reported the news, data was stored in an ElasticSearch server exposed online without a password.
ElasticSearch instances are usually used only on internal networks, but sometimes they are wrongly configured, resulting in online exposure.
Security researcher Justin Paine who spotted the unsecured ElasticSearch server first reported the data leak.
“Despite being one server, the ElasticSearch instance handled a huge swathe of information that was aggregated from multiple web domains, most likely from some sort of affiliate scheme, or a larger company operating multiple betting portals,” states ZDNet.
“After an analysis of the URLs spotted in the server’s data, Paine and ZDNet concluded that all domains were running online casinos where users could place bets on classic cards and slot games, but also other non-standard betting games.”
All the domains present in the data leak belong to online casinos (i.e. kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net), some of them were no standard betting games.
All the companies involved in the data leak are located in the same building in Limassol, Cyprus, or were operating under the same eGaming license number issued by the government of Curacao, a circumstance that suggest they were operated by the same entity.
According to the expert, the huge archive was not containing full financial details, but ZDNet pointed out anyone who found the database would have known the personal information of players who recently won large sums of money and could use them to carry out malicious activities against these users, including scams or extortion attempts.
“It’s down finally. Unclear if the customer took it down or if OVH firewalled it off for them,” Paine told ZDNet.
-
Asia2 days ago
Jetapult Strengthens AI Expertise: Onboards Industry Leaders, Oz Silahtar and Dr. Arjun Jain
-
Latest News3 days ago
Roobet Promo Code: Redeem “WRD100” Now to Get a Free Money & Cashback
-
Latest News3 days ago
UK Gambling Commission Flags Deepfake-Fueled Money Laundering Threats in Online Gambling Sector
-
Latest News3 days ago
Recently Released Slot Games Worth Checking Out
-
Latest News3 days ago
Regulatory Roadblocks: The Future of Sweepstakes Gaming in the U.S.
-
Africa3 days ago
Gaming Corps Expands African Presence with KingMakers Partnership
-
Latest News3 days ago
ULTIM8 SPORTSBOOK IFRAME: Ultimate Solution for Operators Who Have Seen It All
-
Latest News2 days ago
Affiliate Sites as Gatekeepers: What Role Do We Play in Shaping the Industry?