Connect with us
SOFTSWISS

Latest News

Popular Gambling App Exposed Millions of Users in Massive Data Leak

Published

on

Popular Gambling App Exposed Millions of Users in Massive Data Leak
Reading Time: 5 minutes

 

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8 star on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries continued to appear continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Within many of these records, were various forms of user Personally Identifiable Information (PII) data, including:

  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungry, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Impact on Clubillion and it’s Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

 

Source

Continue Reading
Advertisement




Prague Gaming & TECH Summit 2024

Click to comment

Latest News

Online Gambling in France: New Technologies and Opportunities for Players

Published

on

Reading Time: 3 minutes

 

In the era of online gambling, France stands as a beacon of culture and innovation. Supervised and controlled by government authorities like the Autorité Nationale des Jeux (ANJ), French online casinos provide gamblers with a mixture of protection and technological advances. Within this framework, Twin Casino France and other licensed casinos indicate their dedication to safety and player protection, providing a way to a world of gaming possibilities.

Just as technology continues to grow, online gambling has that character of growth towards it in France. This ranges from the popularity of mobile gambling to the integration of virtual reality. In this article, we explore how online gaming is taking shape in France and bring out what it holds for players as this sector changes its way of doing things.

Gambling in France

Gambling is in the hearts of many in France. Based on the survey, 14% of French people said they gamble frequently, whilst 40% gamble from time to time. From interesting sports betting to strategic poker, French fans enjoy a wide style of betting alternatives. Here are the most popular of them:

  • Sports Betting: Betting on sports is super popular in France. French bettors wager on a variety of sports like football, tennis, rugby, and horse racing. Big international sports events like FIFA and the UEFA entice plenty of bettors.

  • Poker: Poker has a strong following in France, and there are many players in virtual poker rooms. French gamers enjoy competing in online poker competitions and cryptocurrency games, as well as live events.
  • Online Slots: Online gambling slots are one of the most played games, and France is no exception. French gamers revel in plenty of slot issues and patterns, starting from conventional classic fruit machines to contemporary video slots with advanced pictures and skills. 
  • Online Casino Games: Beyond slots, French gamers also like various traditional casino games. Nearly all online casinos provide live dealers of these games to create a similar experience as in real life.

As gamers navigate this gambling experience, they are seeking reliable internet casinos; like every human on the planet, they want to feel safe. Alongside other reputable sites like Sportaza, 1xBet, 22Bet, and others, gamers have a variety of alternatives to pick from. With strict regulations and a safe environment, the future of online gambling in France appears promising. Here are a few interesting stats:

  • The French market for online gambling is promised to reach US$4.12b.
  • The market for online sports betting is going to have a market volume of US$1.91 billion in 2024.
  • The average revenue generated per user in France is about to be US$0.55k in 2024.
  • The number of online gamblers is promised to reach 8.9m by 2028.
  • The annual growth rate between 2024 and 2028 is expected to be 4.70%.

The French Gambling market is going to keep growing, like in every country in the world. Experts say that this growth is driven by online casinos constantly implementing new technologies, which keep players engaged.

Innovative Technology in Online Gaming

New technology in gambling is everywhere, be it an online gaming house. Over the past several years, mobile gambling has been one of the leading driving forces for growth. People are leaving offline gaming for mobile gambling. Nobody ever heard of mobile gambling a decade ago, but now, a thousand casinos offer the games on mobile apps. You can easily check the mobile casino and make money while in transit or as you ride on a bus. France is not an exception. It keeps up with the latest world trends, and its mobile gambling value is growing as well.

However, it is not only mobile gambling that drives the growth of online casinos. There are also a few other factors, such as:

  • Online gaming operators are adopting social media to promote their online casinos and attract new customers who can sign up and enjoy playing on their websites and mobile applications.
  • Artificial intelligence: AI focuses on collecting data concerning gamers’ gaming tendencies and then forming patterns based on them. In order to make them play more, game developers then employ these designs that make the games more interesting to players.
  • The emergence of augmented reality (AR) and virtual reality (VR) technologies has transformed the gambling experience, making it more interesting for gamers by integrating them into beautiful computerized worlds. These advancements make it possible to transport the mood of a land-based casino directly to your home if you own requisite compatible devices.

However, all these elements have not just promoted growth in the past but will also do so soon.

Conclusion 

In particular, the online betting industry in France continues to grow and is expected to reach nearly $4.12 billion by the end of 2024. This is attributed to a number of factors, including the rising trend of mobile gaming, advertisement techniques on social media sites, and advances in artificial intelligence (AI) and virtual reality (VR). These aspects are meant to make gambling more exciting and attract new entrants into the sector, further enhancing its growth rate. As the generation continues to enhance, the destiny of online Gambling in France appears promising, with many new possibilities on the horizon.

Continue Reading

Latest News

BOLDPLAY GAMES NOW LIVE WITH ALEA

Published

on

BOLDPLAY GAMES NOW LIVE WITH ALEA
Reading Time: 2 minutes

 

Sought-after software provider teams up with award-winning aggregator in huge new deal

Leading developer of premium online casino games, Boldplay, has announced the completion of a brand-new partnership agreement with Alea that will see its full suite of over 100 titles added to the latter’s ever-expanding portfolio.

With the current Boldplay line-up boasting cutting edge slots like the recently-launched Paddy’s Pints and the heavyweight smash, Brute Force, as well as table games, bingo and keno releases and virtual scratch cards, the deal will enable the provider to connect with new players around the globe while also helping Alea significantly broaden the range of titles it supplies to operators.

Boasting a catalogue of well over 10,000 releases, Alea is considered to be one of the industry’s premier casino game aggregators and has many awards to prove it.

Launching in 2019, Boldplay has carved out an equally formidable reputation in iGaming thanks in no small part to its engaging games, rewarding jackpots and signature free spins features. Resonating with both players and operators alike, the provider is currently certified to distribute games in the UK, Malta, Gibraltar, Isle of Man and Portugal, with more jurisdictions soon to follow.

As such, this meeting of two prominent industry players comes as great news for any online casino platforms that use Alea for their game aggregation needs, with operators now able to offer customers the hottest Boldplay titles without needing to update their existing integration.

Speaking on the new partnership with Alea, Boldplay Commercial Director, Gary Francis, said: “With well over 10,000 releases in their current line-up and multiple awards already under their belt, there can be no doubt that Alea are one of the iGaming industry’s top aggregators and we feel very honoured that they’ve now chosen to add Boldplay games to their prestigious portfolio.

“It goes without saying that such a high-profile collaboration will further Boldplay’s efforts to ensure our games are seen by as many players in as many markets as possible, but from an operator’s perspective, I think our titles will really help them increase engagement as they introduce users to a unique range of themes and features they won’t find from any other provider.”

Continue Reading

Asia

South Korea’s Mohegan INSPIRE Entertainment Resort is Live with State-of-the-Art Property Management and Point-of-Sale Hospitality Software Solutions from Agilysys

Published

on

Reading Time: 2 minutes

 

Agilysys Inc., a leading global provider of hospitality software solutions and services, announced that it has successfully implemented multiple state-of-the-art hospitality solutions on a unified cloud-based platform to optimise operations across Mohegan INSPIRE Entertainment Resort, South Korea’s largest entertainment-integrated resort destination.

Multiple Agilysys hospitality technology solutions designed to work together to deliver operational efficiency and analytical insights will drive enhanced revenue opportunities and enable superior experiences for staff and guests, all with the scale and flexibility required to serve the expansive and diverse entertainment-integrated resort property. Agilysys PMS and POS solutions began supporting hotel and food & beverage operations at the property in December 2023 and expanded to support both gaming and non-gaming patrons when the property’s casino opened on February 3. Agilysys “serious about service” implementation experts have worked alongside the INSPIRE team to configure and deploy these solutions to meet the exacting standards required to support this new-generation resort.

In addition to Agilysys PMS and Agilysys POS, Agilysys solutions for booking, dining reservations, service management, mobile food & beverage ordering and document imaging are live. Agilysys solutions for mobile check-in and check-out and to manage loyalty and promotions are in the process of being deployed soon.

John Ware, Vice President, Global IT Services and Support for Mohegan – which owns, develops and operates Mohegan INSPIRE in South Korea along with seven other premiere entertainment-integrated resorts in North America – said: “Agilysys has a long track record of implementing integrated hospitality technology on a grand scale. I expect that these solutions will allow us to understand each guest at an individual level and engage each of them in a personalized way throughout their stay. I would also like to appreciate Agilysys for working with us in ways that honor the sovereignty and cultural values of the Mohegan Tribe.”

Agilysys President and CEO Ramesh Srinivasan said: “Taking such a broad array of solutions – including our modern state-of-the-art PMS platform – live at the scale and diversity INSPIRE Korea requires marks a meaningful milestone for Agilysys in the Asia-Pacific region. INSPIRE Korea creates marvelous, unforgettable experiences for guests of all generations and from all corners of the world. We are honored to have Agilysys technology underlying this property’s top-notch, high-touch hospitality while also supporting the operational efficiency and revenue-per-guest insights essential to achieving its mission of ‘Inspiring Worlds, Inspiring People’.”

Mr. Srinivasan continued: “We look forward to continuing to serve INSPIRE Korea as the organization executes its impressive plans for elevating and transforming hospitality for guests from around the world.”

Continue Reading
Advertisement
Alpha Affiliates
Advertisement

EveryMatrix

Advertisement

Launch your iGaming business swiftly and effortlessly with our comprehensive turnkey solutions

Trending

Get it on Google Play

EuropeanGaming.eu is a premier online platform that serves as a leading information hub for the gaming and gambling industry. This industry-centric media outlet reaches over 200,000 readers monthly, providing them with compelling content, the latest news, and deep-dive insights.

Offering comprehensive coverage on all aspects of the gaming sector, EuropeanGaming.eu includes online and land-based gaming, betting, esports, regulatory and compliance updates, and technological advancements. Regular features encompass daily news articles, press releases, exclusive interviews, and insightful event reports.

The platform also hosts industry-relevant virtual meetups and conferences, and provides detailed reports, making it a one-stop resource for anyone seeking information about operators, suppliers, regulators, and professional services in the European gaming market. The portal's primary goal is to keep its extensive reader base updated on the latest happenings, trends, and developments within the gaming and gambling sector, with an emphasis on the European market while also covering pertinent global news. It's an indispensable resource for gaming professionals, operators, and enthusiasts alike.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2024 - European Gaming is part of HIPTHER. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania

We are constantly showing banners about important news regarding events and product launches. Please turn AdBlock off in order to see these areas.