Popular Gambling App Exposed Millions of Users in Massive Data Leak

George Miller


Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8-star rating on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries continued to appear. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Many of these records contained various forms of user Personally Identifiable Information (PII), including:

  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungary, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Trick them into clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Impact on Clubillion and Its Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and see reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.
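
As an added illustration (not code from vpnMentor or Clubillion), the sketch below audits an `elasticsearch.yml` for the combination this report describes: a node bound beyond loopback with authentication and transport encryption switched off. Both sample configurations are constructed, and the parser assumes flat dotted `key: value` lines only.

```python
import ipaddress

# Constructed sample configs (not taken from the Clubillion deployment).
EXPOSED = """\
cluster.name: game-logs
network.host: 0.0.0.0          # listens on every interface
xpack.security.enabled: false
"""

HARDENED = """\
cluster.name: game-logs
network.host: 10.0.0.5
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

def parse_flat_yaml(text):
    """Parse flat 'dotted.key: value' lines; nested YAML is out of scope."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def binds_beyond_loopback(host):
    """True if the bind address is reachable from other machines."""
    if host in ("", "localhost", "_local_"):  # unset defaults to loopback
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Hostnames, lists, _site_, _global_: conservatively treat as reachable.
        return True

def audit(text):
    """Return a list of (severity, message) findings for one config file."""
    s = parse_flat_yaml(text)
    host = s.get("http.host", s.get("network.host", ""))
    exposed = binds_beyond_loopback(host)
    # Assumption: require an explicit 'true', because the default for this
    # setting differs between Elasticsearch versions.
    auth_on = s.get("xpack.security.enabled", "").lower() == "true"
    tls_on = s.get("xpack.security.http.ssl.enabled", "").lower() == "true"

    findings = []
    if exposed and not auth_on:
        findings.append(("CRITICAL", f"HTTP API bound to {host} without authentication"))
    elif not auth_on:
        findings.append(("WARN", "authentication disabled (loopback only)"))
    if exposed and not tls_on:
        findings.append(("HIGH", f"HTTP API bound to {host} without TLS"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

A clean result here covers only the node's own settings; security groups and firewall rules in front of the host need their own review.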

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

 


Gambling in the USA

Playtech Casino launches with bet365 in New Jersey

George Miller


Playtech, the world’s leading gambling technology company, today announces it has launched its award-winning Casino content with long-term strategic partner, bet365, in New Jersey.

The launch sees bet365 go live with a selection of Playtech’s best-performing games including Playtech classics like White King, Great Blue, and Frankie Dettori’s™ Magic Seven.

The partnership marks the first step for Playtech into the US market, with plans to partner with more New Jersey operators in the coming months. This follows Playtech securing regulatory approval for the market just last month. Playtech has also started the licensing process in other US jurisdictions.

bet365 entered the New Jersey market in 2019 and has since been providing its sportsbook and online casino to customers in the state.

A bet365 spokesperson said: “We’re excited to partner with Playtech in order to expand our content offering to the US market. Given the range and caliber of Playtech’s content, being first to market it is a real differentiator for our platform. We look forward to developing upon our already solid partnership as we continue to grow our Casino offering.”

Shimon Akad, Playtech Chief Operating Officer, said: “This is a significant moment for Playtech and our development in the US. Launching Playtech’s software in the US is a landmark, and we are very pleased to be taking this step with one of our most trusted partners in bet365. With more titles and content launching in the coming weeks and months, there are exciting times ahead. This launch also serves as a prime example of our commitment to partnering with leading operators to bring leading software services and great content to new and growing markets.”


Latest News

Week 32/2020 slot games releases

George Miller


Here are this week’s latest slots releases!

CT Gaming Interactive launches a new online game with fascinating cascading mechanics that will keep the players entertained for longer. Dark Woods is a cascading reels slot that will add excitement and dynamism to the experience. As players want more action and entertainment, including everything from detailed animations to in-depth features, Dark Woods is very appealing to this action-craving audience. The 30 pay-line game has Scatter which could appear on all reels. The winning symbols disappear only to be replaced with falling new symbols and it is going on for as long as there is a winning combination. The bet is taken only for the initial game and all subsequent cascade games are free for the player.

New cascade game release from CT Gaming Interactive

 

 

Amid scorching summer days and electric storms Tom Horn Gaming comes with a special treat for its players – a revamped version of its highly popular game 243 Crystal Fruits. In 243 Crystal Fruits Reversed the provider completely flips the old fruit video slot upside down and reverses mechanics of the original game, making the player experience a whole lot different. Not only does the game reverse original features, it comes in with amazingly tweaked visuals that complement the thrilling gameplay that is again sure to keep every ardent player on the edge of their seats right from the moment of hitting the Spin button.

Tom Horn Gaming shakes player experience to its foundations with its latest release 243 Crystal Fruits Reversed

 

Relax Gaming is inviting players to a Spanish celebration brimming with winning potential in its latest release La Fiesta. The 5×4 slot is the supplier’s most feature-rich game to date, combining four unique Free Spins festivals, bonus round buy-ins and randomly activated mechanics to create a high-volatility gaming experience that replicates the excitement of a real-life fiesta. Triggered when three scatter symbols land on the reels, each of the Rose, Tomato, Bull and Stallion Free Spins rounds present players with the opportunity to claim engagement-enhancing prizes ranging from minigames and mega stacks to free spins and multipliers.

Relax Gaming hosts a festival of Free Spins in La Fiesta

 

 

Pragmatic Play has added Aztec Gems Deluxe to its growing line of deluxe titles. The 3×3, fast-paced video slot adds a modern twist on a classic jewel-filled title with its fixed jackpots which are accessed through the Respin feature. If four Money Symbols land on the reels at the same time, the Respin round is triggered. This sees the Money Symbols remain sticky as players aim to fill the entire grid with matching symbols to win a bonus prize or a random multiplier, picked via a wheel spin.

Pragmatic Play Releases Sparkling New Hit: Aztec Gems Deluxe

 

 

This week Booming Games introduced its latest slot, Howling Wolves. This medium volatility 5×3 slot brings you deep into the Native American environment, populated by one of the most important animals in their culture. For Native Americans, the wolf represents courage, strength and loyalty. Some of their cultures even believe these majestic creatures to be a part of the family, also believing that members of their clan can take on the appearance and attributes of a wolf.

Booming Games presents Howling Wolves

 

Yggdrasil has released Medusa Fortune and Glory, its latest YG Masters game in partnership with DreamTech Gaming. The 4×6, 4096 payline title transports players to the wonders of Ancient Greece as they battle mythological creatures for huge wins. If a Medusa wild lands on the screen, it has the potential to spread to other reels, adding up to three extra wilds per spin. The Free Games Feature is triggered if three or more Bonus symbols land in the same spin, giving players a choice between a Fortune Feature or Glory Feature round.

Yggdrasil releases new game Medusa Fortune & Glory with YG Masters partner DreamTech Gaming

 

Play’n GO are bringing some real attitude to the reels as they announce their latest slot offering, Blinged. A spiritual successor to their 2015 slot Pimped, this latest title is based around the world of rap, specifically female artists. Women take centre stage in this 5×3 video slot, as players attempt to make it to the top and bag the riches. The game is a reflection of some modern cultural themes with the rise in popularity of artists like Cardi B, Doja Cat and Megan Thee Stallion cementing women’s place at the forefront of music in recent times.

Play’n GO Shine with new Slot Title, Blinged

 


Gambling in the USA

Michigan’s Sports Betting and Online Gambling To Bring $650M In First-Year Revenue, According to MichiganSharp.com

George Miller


Sports betting and online casinos could produce as much as $93 million in first-year tax revenue in Michigan, according to projections from MichiganSharp.com.

The first of Michigan’s online sports betting and casino platforms might launch by the end of 2020. This sets the stage for Michigan to become one of the top online gambling states in the U.S.

Competitive State Tax Rates Make for an Online Betting Hub

Gross revenue from sports betting, both online and retail, will be taxed at 8.4% by the state. Detroit’s three commercial casinos pay an additional 1.25% city tax.

Michigan hosts 26 land-based casinos, all of which can be expected to offer sports betting and online gaming to the state’s 10-million population at some point.

“All of the pieces are in place for Michigan to become a major hub for sports betting and online gambling,” said Geoff Fisk, analyst for MichiganSharp.com. “Virtually all of the state’s casinos should want a piece of the new market, especially with the attractive tax rates.”

By comparison, New Jersey taxes land-based sports betting at 9.75% and online sportsbooks at 13%. Indiana’s online sports betting tax is levied at 9.5%, while Pennsylvania taxes sports betting at 36%.

State lawmakers passed House Bill 4916 in December 2019, which legalized both retail and online sports betting. The bill also brings online casinos and online poker to the state, setting the stage for Michigan to become one of the biggest legal online gambling markets in the US.

All 26 of Michigan’s retail casinos can apply for sports betting and internet gaming licenses through the Michigan Gaming Control Board. In a situation unique to Michigan, the state’s three commercial casinos, as well as the 23 tribal casinos, are eligible to offer internet gaming.

Online sports betting has proven massively successful in Pennsylvania and New Jersey. In both states, online wagering accounts for more than 80 percent of total sports betting revenue.

First-Year Revenue Projections of $650M, According to MichiganSharp.com

MichiganSharp.com projects that the state could bring in as much as $400 million in total first-year sports betting revenue, producing $33.6 million in tax revenue for the state.

“Mobile wagering should be the major revenue driver for Michigan’s sports betting market,” Fisk said. “The convenience and ease of access of online sports betting opens up a whole new world of opportunities for both bettors and sportsbook operators.”

Online casino and poker revenue will be taxed at 20-28% by the state, using a tier system dependent on earnings. MichiganSharp.com projects that online casinos and poker could earn as much as $250 million in first-year operations, bringing in a possible $60 million in tax revenue.

MichiganSharp.com projects that total revenue from sports betting, online casinos, and online poker, could earn $650 million in year one of operations, resulting in $93.6 million in tax revenue for the state.

For more analysis and news on the latest developments in Michigan’s legal gambling industry, visit MichiganSharp.com.

 

SOURCE MichiganSharp.com
