
Popular Gambling App Exposed Millions of Users in Massive Data Leak

George Miller


Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8-star rating on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries continued to appear. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Many of these records contained various forms of user Personally Identifiable Information (PII), including:

  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungary, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Trick them into clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Impact on Clubillion and its Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and see reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.
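
As an added example (not vpnMentor's or Clubillion's code), the following audits an Elasticsearch node's settings for the condition this report describes: an HTTP API reachable from the network with no authentication. The two sample configs are constructed, and treating a missing `xpack.security.enabled` as disabled is an assumption that matches Elasticsearch releases before 8.0 and is conservative for later ones.

```python
import ipaddress

# Constructed sample configs (flat "key: value" elasticsearch.yml lines).
EXPOSED = """\
cluster.name: game-logs
network.host: 0.0.0.0
http.port: 9200
"""

HARDENED = """\
cluster.name: game-logs
network.host: 10.0.3.15
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines; comments and blank lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback_only(host):
    """True only for loopback binds; anything else is treated as network-reachable."""
    if host in ("localhost", "_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames, _site_, lists: assume reachable (conservative)

def audit(text):
    """Return a list of findings for one node's settings."""
    s = parse_flat_yaml(text)
    findings = []
    # http.host overrides network.host for the HTTP API; the default bind is loopback.
    host = s.get("http.host", s.get("network.host", "localhost"))
    reachable = not is_loopback_only(host)
    # Assumption: a missing security setting is treated as disabled.
    auth = s.get("xpack.security.enabled", "false").lower() == "true"
    tls = s.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    if reachable and not auth:
        findings.append("no-auth-on-network: HTTP API bound to %s without authentication" % host)
    elif not auth:
        findings.append("no-auth: authentication disabled (loopback bind only)")
    if reachable and not tls:
        findings.append("no-tls: HTTP API served in cleartext on %s" % host)
    return findings
```

Run `audit()` over each node's config in CI or configuration management so that a non-loopback bind without authentication fails the build before it is deployed.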

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

 


Affilka enters into partnership with ProperSix Casino

George Miller


Affilka, an Affiliate Marketing Platform developed by SoftSwiss, inked a deal with a third-party brand, ProperSix Casino. Now SoftSwiss will be providing its state-of-the-art services to the newly-launched online crypto casino brand.

An affiliate program of ProperSix Casino will be powered by Affilka, providing its users with a unique combination of transparency and functionality including an extremely flexible commissions constructor aimed at optimising marketing expenses.

A new crypto casino ProperSix is entering the market, giving players the chance to play various games online by using their cryptocurrencies. Customers will be able to play with ProperSix tokens or other most known cryptocurrencies, including BTC, ETH and USDT. With the casino having just been launched, 30 new and original games are ready for players from around the world. With many different bonus systems that help achieve the highest payouts, the luckiest players are sure to win big.

Furthermore, after an increasingly effective integration process with Affilka, the client decided to expand the area of cooperation between SoftSwiss and ProperSix by also signing a deal with SoftSwiss Game Aggregator. The project is bound to be fully integrated later in Q2 and will provide ProperSix Casino with a cost-effective, yet very efficient one-stop-shop solution with a wide portfolio of game providers that are constantly replenishing.

Anastasia Borovaya, Product Owner of Affilka commented on this event: “Affilka may be a newcomer among affiliate marketing software providers in the iGaming industry. Yet it keeps on proving itself as a reliable, secure and very strong and cost-effective tool for iGaming operators. We’re super excited to launch this project alongside ProperSix and are looking forward to very productive cooperation!”.

Richard Haverinen, CEO of PROPERSIX OU noted: “ProperSix is proud to announce that it will be collaborating with SoftSwiss Game Aggregator to ensure the best user experience and many more games to get jackpots in. Furthermore, Affilka by SoftSwiss will ensure reliable, safe and trustworthy operation along with high load resistance. The Online Casino is already live, so people are already purchasing ProperSix tokens and getting ready to see if they will be the ones to get the biggest payouts”.

 

 

About SoftSwiss

SoftSwiss is an international tech company supplying widely acclaimed, certified software solutions for managing iGaming operations. SoftSwiss holds a number of gaming licenses, providing a “one-stop-shop” white label casino solution by taking care of all technical, legal, and financial processes on behalf of its customers. The company has a vast product portfolio, which includes an Online Casino Platform, Game Aggregator with thousands of casino games, an Affiliate Platform, and a recently launched sportsbook platform. In 2013 SoftSwiss was the first in the world to introduce a bitcoin-optimized online casino solution. The company has thus been regarded as the leading technical expert when it comes to the use of cryptocurrencies in online gaming.

About ProperSix Casino

New crypto casino ProperSix is entering the market, giving players the chance to play various games online by using their cryptocurrencies. Customers will be able to play with ProperSix tokens or other most known cryptocurrencies, including BTC, ETH and USDT.


OneTouch and BWG launch epic quest for lost love in The Maiden & The Swordman

George Miller


Mobile-first games developer OneTouch has partnered with Big Wave Gaming (BWG) to launch The Maiden & The Swordsman, a stunningly designed, graphic rich slot that sees players join the game’s hero in his quest to find his true love.

The five-reel, three-row, 50-line slot follows the journey of the Swordman as he battles the elements to reach his beloved Maiden uncovering huge wins and a treasure trove of bonus features along the way.

If players reveal three or more scatters they are rewarded with an unlimited number of free games, or up to 10 free games including a unique ‘nudge’ feature that could turn wins into even bigger prizes. Players’ fortunes can improve further if they uncover the Wild waterfall symbol that takes over the reel and can lead to even larger potential pay outs.

OneTouch has experienced huge success and growth with its cutting-edge mobile-first slots, table games and live casino products in 2021, alongside the signing of several landmark commercial agreements and partnerships, including with Relax Gaming, which has integrated its suite of games and provides OneTouch with access to its host of tier-one operators.

Petra Maria Poola, Head of Business Development and Operations at OneTouch, said: “The Maiden & The Swordman is a beautifully designed game and we’re delighted with the results of our partnership with BWG. Players will revel in going on an epic journey across a mysterious land, packed with adventure, with our two central characters and discover hidden features and bountiful prizes along the way with the potential to pick up massive wins.”


Latvian Parliament Rejects Amendments to the Law on Gambling and Lotteries

Niji Narayan


The Latvian parliament has decided to reject amendments to the Law on Gambling and Lotteries. The proposed amendments would have been used to limit gambling in the country.

These amendments were developed by members of the New Conservative Party and KPV LV. Saeima deputy Juris Jurašs urged other members of the parliament to support this legislative draft, commenting that about 80,000 people in Latvia suffer from gambling addiction and for 15,000 of them this problem is severe.

He believes the proposed amendments would become a small step towards forming a healthier society.

“Gambling halls in Latvia are a lasting disease that certain people rich, it needs to be treated,” he said.

Jurašs stressed in particular that the gambling situation is critical. After the parliament had rejected the legislative draft Saeima deputy Krišjānis Feldmans from New Conservative Party wrote on his Twitter profile that Attīstībai/Par! political party is a plague for Latvian politics, commenting how the party voted against limiting gambling.

35 Saeima deputies voted in favour of passing the draft to the Budget and Finance Committee, 15 voted against and 27 deputies abstained. And so the legislative draft was rejected somehow.

The annotation mentions that the purpose of the proposed amendments is limiting the number of gambling locations in Latvia and reducing the negative effect gambling has on public health and people in general.

The legislative draft explains that people who participate in gambling and lotteries are subjected to an excessive addiction risk. Gambling addiction or a pathological need to engage in gambling is characterised with frequent gambling episodes, which quickly become the person’s main point of interest, impacting his or her social, professional, and family values, as well as negatively impacting his or her finances.

According to the study performed by SKDS in 2016, 26% of respondents who engaged in gambling in the past 12 months admitted having situations when gambling took over so much of their life that the outside world ceased to exist to them for some time.

The legislative draft also proposed making it so that casinos would be permitted only in four or five-star hotels in Latvia.

The annotation mentions that studies show that localization or limitation of gambling halls and casinos is one of the ways to limit and reduce problematic gambling habits.

It was also planned to impose a limit on open hours of gambling halls.

Deputies also proposed prohibiting alimony avoiders from engaging in gambling. The Maintenance Guarantee Fund Law already provides multiple restrictions for debtors to motivate them to fulfil their duties – pay alimony and provide their children with finances.
