Latest News

Popular Gambling App Exposed Millions of Users in Massive Data Leak

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database that was built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8-star rating on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue is quickly resolved. But these times are rare. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries continued to appear. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Many of these records contained various forms of user Personally Identifiable Information (PII), including:

  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungary, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Trick them into clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Impact on Clubillion and Its Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and see reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.
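For an Elasticsearch node like the one in this report, the second and third measures can be checked mechanically. The following is an added example, not code from vpnMentor or Clubillion: it audits a flat elasticsearch.yml for a network-reachable bind address with authentication or TLS switched off. Both sample configs, the cluster name and the address are constructed, and treating security as off unless set is an assumption that matches Elasticsearch releases before 8.0.

```python
import ipaddress

# Constructed sample configs in flat "key: value" elasticsearch.yml form (not from the report).
EXPOSED_YML = """\
cluster.name: game-logs
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""
HARDENED_YML = """\
cluster.name: game-logs
network.host: 10.0.12.5   # private subnet address, fronted by a firewall / security group
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
"""
MESSAGES = {
    "ALL_INTERFACES": "listens on every interface; bind to a private address instead",
    "NO_AUTH": "REST API answers without credentials (xpack.security.enabled is off)",
    "NO_TLS": "HTTP layer is plaintext (xpack.security.http.ssl.enabled is off)",
}

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines; nested YAML is out of scope (assumption)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def binds_beyond_loopback(host):
    """True when other machines can reach the bind address."""
    if host in ("_local_", "localhost"):
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True   # hostname or special value such as _site_: assume reachable

def audit(text, security_default=False):
    """Return finding codes; security_default=False models pre-8.0 defaults (assumption)."""
    cfg = parse_flat_yaml(text)
    host = cfg.get("network.host", "_local_")     # Elasticsearch binds to loopback by default
    if not binds_beyond_loopback(host):
        return []                                 # not reachable from the network
    def enabled(key, default=False):
        return cfg.get(key, str(default)).lower() == "true"
    findings = []
    if host in ("0.0.0.0", "::", "_global_"):
        findings.append("ALL_INTERFACES")
    if not enabled("xpack.security.enabled", security_default):
        findings.append("NO_AUTH")
    if not enabled("xpack.security.http.ssl.enabled"):
        findings.append("NO_TLS")
    return findings

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED_YML), ("hardened", HARDENED_YML)):
        codes = audit(text)
        print(name, "->", "no findings" if not codes else "")
        for code in codes:
            print("   ", code + ":", MESSAGES[code])
```

A clean result only covers the node's own settings; the firewall or cloud security group in front of it still has to restrict who can reach port 9200.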

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

 


eSports

NODWIN Gaming Partners with Global Esports Federation as Portfolio Management Company for Key Emerging Markets


NODWIN Gaming, the leading South Asian gaming and eSports company, today announces the agreement with the Global Esports Federation (GEF) to become the portfolio management company (PMC) for key global emerging markets across South and Central Asia, Africa, the Middle East and parts of Southeast Asia. This collaboration marks a significant milestone in NODWIN Gaming’s ambition in driving the growth of gaming and eSports globally, by leveraging its expertise and leadership position in emerging markets worldwide.

The GEF convenes the dynamic, ever-evolving eSports ecosystem including the adjacent industries and diverse network of global impact partners. Established in 2019, the GEF has flourished to over 155 member federations engaging billions of ‘#worldconnected’ athletes, players and fans.

Firmly dedicated to its mission and universal values, the GEF has evolved to become an authentic voice of the eSports community, elevating the industry’s legitimacy and credibility at a global scale. Furthermore, the GEF plays a pivotal role in cultivating emerging technological development, user, fan and brand experiences that enable innovation in gaming while ensuring the sustainable growth for eSports and limitless opportunities that inspire the world’s hyper-connected youth.

With strategic partnerships with industry giants and a proven track record of organizing gaming events and lifestyle festivals, NODWIN Gaming has now acquired exclusive rights to create and market GEF-licensed eSports events in more than 20 countries such as India, Pakistan, Uzbekistan, Kazakhstan, Dubai, Bahrain, Jordan, Thailand and Vietnam in addition to the entire continent of Africa.

As a PMC, NODWIN Gaming also secures non-exclusive rights to host GEF-licensed events globally, which paves the way for synergistic collaborations amongst the company’s subsidiaries and strategic partners worldwide. NODWIN Gaming’s recent acquisition of the Turkey-based Ninja Gaming readies the company for endeavors in Turkey, the Middle East and North Africa while its Singapore-based experiential marketing powerhouse Branded focuses on the Asia Pacific region. With its equity investment earlier this year into Freaks 4U Gaming, a leading full-service gaming and eSports agency in Germany, NODWIN Gaming will tap into potential opportunities in developing GEF-licensed events in non-exclusive regions through the agency’s European as well as endemic and non-endemic network.

The co-founder and Managing Director for NODWIN Gaming, Akshat Rathee, shares his insight on the partnership with the GEF: “The world of eSports is evolving towards true global celebration of eSports titles across the world. The GEF truly epitomizes the hopes and aspirations of all the developing world markets that NODWIN Gaming seeks to develop. We believe our partnership with the GEF will bring the best of eSports opportunities to the youth of the emerging world.”

The Chief Operating Officer for the GEF, Mario Cilenti, commented on the partnership: “We are thrilled to have NODWIN Gaming on board as our PMC for the South Asia, Central Asia and Africa markets. Its capabilities and extensive experience make it an ideal partner to advance the GEF’s mission and further engage with eSports communities across key growth regions.”

For more information, please visit NODWIN Gaming on X or the official website.


Industry News

Golden Matrix Acquisition of MeridianBet Group Receives High Praise from IPO Edge


Esteemed financial analysts at IPO Edge recognize the merged Golden Matrix and MeridianBet Group entity as a burgeoning global gaming leader with a promising financial outlook and innovation

Golden Matrix Group Incorporated (NASDAQ:GMGI) (Golden Matrix) and MeridianBet Group, the newly-consolidated entity in the online gaming world, are honored to receive positive analysis from IPO Edge, a leading portal known for its insightful and credible financial analyses.

The distinguished coverage highlighted the Golden Matrix acquisition of MeridianBet Group as having a significant potential to reshape the gaming landscape, focusing on the combined entity’s strategic positioning for expansive growth and technological innovation.

The entire analysis can be found at: https://IPO-Edge.com/strike-gold-with-gmgi-and-meridianbets-global-gaming-powerhouse/

IPO Edge Insights

The recent article by IPO Edge analysts casts a spotlight on the strategic merits of the $300 million acquisition of MeridianBet Group by Golden Matrix. According to the portal, this bold move is poised to establish a global gaming juggernaut with projected sales reaching $182 million by 2025. The merger not only signifies a monumental leap in market expansion, spanning over 15 markets including Serbia, Montenegro and Bosnia but also underscores the entity’s prowess in emerging markets such as Mexico, Tanzania and Peru.

A Story of Strategic Growth and Innovation

At the heart of the Golden Matrix acquisition of MeridianBet Group lies a shared commitment to innovation and customer satisfaction as the combined group owns a scalable tech platform that leverages machine learning for continuous improvement, alongside unique betting features like Empty Bet, which empowers players to craft their own bets. This synergy of technological advancement and market intelligence sets the stage for an unprecedented growth trajectory in the online gaming sector.

Financial Prudence and Future Prospects

Underscoring the merger’s financial strategy, IPO Edge commends the conservative financing approach, with an anticipated 2x leverage post-merger. This prudent fiscal management, coupled with the leadership of Chief Executive Officer Brian Goodman, enhances the company’s capacity for further strategic mergers and acquisitions.

The CSR Segment

The merger’s dedication to corporate social responsibility, with initiatives aimed at converting players into patrons of meaningful CSR programs, distinguishes it beyond financials and market expansion. This commitment reflects a broader vision of achieving profitability while fostering a positive social impact.

The Market Potential Not Yet Anticipated

As pointed out by this analysis, the market may not fully recognize Golden Matrix’s potential yet. The company’s enterprise value is close to $400 million. That compares with multiples of eight times for Caesar’s Entertainment and a whopping 22 times for DraftKings, according to Sentieo, an AI-enabled research platform.

For more information about the Golden Matrix, please visit https://GoldenMatrix.com/company/ or https://ir.MeridianBet.com/.


Conferences in Europe

Announcing the 2024 European Gaming Congress: A New Chapter in iGaming Excellence


HIPTHER, the leading Event Organizer for multiple GameTech industries, is thrilled to announce that the European Gaming Congress (EGC) is gearing up for an extraordinary 2024 edition, poised to redefine industry standards and foster unprecedented growth in the iGaming sector. Set against the backdrop of groundbreaking technological integration and extensive regulatory updates, this event is a must-attend for anyone involved in the gaming and tech industries.

Infinite Opportunities in iGaming

Scheduled to continue the esteemed “Via Infinita” mission, the 2024 European Gaming Congress promises to be an influential gathering, spotlighting the infinite possibilities within the realms of iGaming innovation. The event will focus particularly on iGaming operators and affiliates, offering insights into revolutionizing the affiliate industry, mastering the infinite game of SEO, and pushing the boundaries of marketing and communication. Additionally, the rapid evolution of fintech and the expansive applications of blockchain technology, dubbed ‘The Infinite Ledger’, will be key discussion topics.

A Convergence of Industry Leaders

EGC 2024 is set to host an array of influential speakers and attendees, including C-level executives, compliance experts, and government officials from across Europe. These industry leaders will come together to share their expertise on crucial compliance updates affecting key regions such as Poland, Italy, Spain, France, the Netherlands, Greece, the D-A-CH region, and the Nordics. This diverse gathering of minds will provide a comprehensive view of the latest regulations and best practices, ensuring all participants are at the forefront of the latest industry developments.

Celebrating Excellence: The EiGE Awards

In conjunction with the conference, the 2024 edition of the European iGaming Excellence Awards (EiGE Awards) will celebrate and honor the achievements of top players within the European iGaming ecosystem. This prestigious awards ceremony is a testament to the industry’s vibrant innovation and enduring excellence, providing attendees an opportunity to witness the pinnacle of iGaming achievement.

Networking and Growth

The European Gaming Congress will not only be a platform for learning and updates but also a dynamic space for networking and collaboration. The integration of gaming with blockchain, artificial intelligence, and fintech experts is set to create a multifaceted forum for strategic partnerships and growth opportunities.

Join the Forefront of Gaming Innovation

Do not miss out on the most anticipated iGaming event of the year. The European Gaming Congress offers a unique opportunity to connect with leaders from various sectors, explore new business opportunities, and be at the cutting edge of gaming technology and innovation. Whether you are a startup, an established operator, or a seasoned affiliate, EGC 2024 is where you will find the tools and insights to propel your business to new heights.

Join us at the European Gaming Congress 2024 and be part of shaping the future of the gaming industry. This is where the journey to infinite possibilities begins!

Register here to catch the Early Bird Tickets!


EuropeanGaming.eu is a premier online platform that serves as a leading information hub for the gaming and gambling industry. This industry-centric media outlet reaches over 200,000 readers monthly, providing them with compelling content, the latest news, and deep-dive insights.

Offering comprehensive coverage on all aspects of the gaming sector, EuropeanGaming.eu includes online and land-based gaming, betting, esports, regulatory and compliance updates, and technological advancements. Regular features encompass daily news articles, press releases, exclusive interviews, and insightful event reports.

The platform also hosts industry-relevant virtual meetups and conferences, and provides detailed reports, making it a one-stop resource for anyone seeking information about operators, suppliers, regulators, and professional services in the European gaming market. The portal's primary goal is to keep its extensive reader base updated on the latest happenings, trends, and developments within the gaming and gambling sector, with an emphasis on the European market while also covering pertinent global news. It's an indispensable resource for gaming professionals, operators, and enthusiasts alike.


Copyright © 2015 - 2024 - European Gaming is part of HIPTHER. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania
