
Popular Gambling App Exposed Millions of Users in Massive Data Leak


 

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database that was built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8-star rating on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue is quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries appeared continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Many of these records contained various forms of user Personally Identifiable Information (PII), including:

  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungary, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Trick them into clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Impact on Clubillion and its Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and see reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

 


Galaxy Racer content creator and YouTube sensation AboFlah smashes two GUINNESS WORLD RECORDS™ titles while raising over US$11M for charity


 

Galaxy Racer (GXR), the biggest esports, gaming and lifestyle organisation, headquartered in Dubai, is pleased to announce that its content creator, AboFlah, has successfully raised over US$11M in a charity stream for The World’s Coolest Winter campaign. Whilst completing the stream, AboFlah also officially broke two GUINNESS WORLD RECORDS™ titles for the “Longest live-stream (video)”, recording live for 268 hours 14 mins 20 seconds and “Most viewers for a charity donation live stream on YouTube”, attracting 698,000 peak concurrent views.

The World’s Coolest Winter campaign, which celebrates the UAE’s most beautiful tourism destinations, extended its humanitarian support to more than 100,000 refugees and people in need through a new humanitarian initiative called Warm Winter. The campaign aims to support hundreds of thousands of refugees and families in need in Africa and the Arab world by providing food, winter clothing, blankets, mattresses and critical aid to help displaced men, women and children prepare for harsh winter conditions. The campaign is being held in partnership with Mohammed bin Rashid Al Maktoum Global Initiatives (MBRGI) and Galaxy Racer. The essential aid will be distributed with the support of the UN refugee agency, United Nations High Commissioner for Refugees (UNHCR) and the Food Banking Regional Network.

As part of the campaign, AboFlah lived in a glass room in Downtown Dubai, near the Burj Khalifa and streamed continuously for 268 hours until the target of US$10 million was raised. While in the room, AboFlah encouraged people to donate and spent the majority of his time in front of his computer interacting with fans and those donating to the cause. The stream also attracted global attention and donations from celebrities and influencers including the likes of actress Kristin Davies, actor Amr Maskoun as well as content creators Noor Stars and Omar Farooq.

Launching his YouTube channel in 2017, AboFlah began posting gaming content of him playing FIFA17 before creating content on Fall Guys and Fortnite. His YouTube channel is one of the fastest-growing YouTube channels in the world, with over 23 million subscribers and over 3 billion views. He is followed by millions of fans who avidly watch his vlogs, comedy shorts and formatted shows covering video games and popular culture. AboFlah went on to join Galaxy Racer’s content creator team in 2020, which already boasts some of the biggest content creators in the MENA and Southeast Asia region including fellow YouTube sensation Noor Stars. The organisation now carries over 100 content creators, with a total reach of over 500 million followers across all platforms and more than 2.5 billion monthly views.

Galaxy Racer launched in 2019 and has already become one of the biggest esports, gaming, and lifestyle organisations globally. The organisation has five separate business offerings: Content Creators, Esports Teams, Tournament Management, Merchandising and Lifestyle, and GXR Records, a newly established record label that already carries two signed artists from the MENA region and is looking to expand globally.

Galaxy Racer content creator and YouTube sensation, Hassan Suleiman “AboFlah” said: “Warmth in winter for those facing harsh winter conditions is no less important than food and water. There are millions of refugees and displaced people who need all the support they can get. I am proud and thrilled we achieved our goal and raised over US$11 million and brought warmth to the lives of those who are deprived of it. Thank you to everyone who generously donated!

We have proven that Arab youth are capable of changing reality, even with small deeds, and reaching a bright future. “People for People.” This sentence is not a metaphorical slogan, but it was manifested by the huge numbers of donors who felt compassion toward the suffering of refugees and displaced people. This reflects the huge impact this campaign had, which drove viewers’ enthusiasm for participation.

The societal role depends on everyone’s participation, believing in the importance of upholding our human values, and the solidarity in supporting the ones in need. Everyone of us has a role to play in creating the desired positive impact. UAE is the homeland of virtues, and the humanitarian moral actions in this blessed country transcend borders and can’t be stopped by obstacles, such deeds present the community with moral values that our Arab region is in dire need for.”

Galaxy Racer Founder and CEO, Paul Roy said: “We are amazed and grateful by the immense generosity shown by the fans, community and the general public. Raising over US$11 million is no easy task and we’re glad to be part of this humanitarian initiative which will positively impact the affected 100,000 refugees. Smashing two GUINNESS WORLD RECORDS™ titles is impressive and a testament to the resilience shown by AboFlah, the Galaxy Racer team, together with our partners MBRGI, UNHCR and the Food Banking Regional Network. We thank you everyone for participating in this record-breaking charity initiative and we look forward to more positive impact initiatives.”


AGEM Announces 13 New Members Join Organization


 

The Association of Gaming Equipment Manufacturers (AGEM) announced that its Board of Directors has approved the membership applications of 13 new companies, bringing the trade group comprised of the world’s leading gaming suppliers to a total of 172 members.

 

The new AGEM members are:

  • Acres, based in Las Vegas, is a systems provider to casinos, specializing in connecting real-time machine and player data to advanced analytics and bonusing.
  • BDO USA, based in Chicago with a large presence in Las Vegas, delivers assurance, tax, and financial advisory services to clients throughout the country and around the globe.
  • Fantalooks, based in Incheon, South Korea, is a display solutions provider for use in slot machines and other casino, sports betting and amusement applications.
  • Fireplay Games, based in Omaha, Nebraska, is focused on innovation in the gaming industry, including implementing skill features for Class III games.
  • Global Payments Gaming Solutions, based in Las Vegas as a division of Atlanta-based Global Payments, provides industry-leading commerce solutions and enables gaming companies to create superior consumer experiences across all physical and digital properties.
  • High 5 Games, based in Mahwah, N.J., is one of the largest independent casino games providers, developing content for the land-based, mobile, online, and social markets.
  • Lewis Roca, based in Phoenix with offices in Las Vegas, Reno and throughout the West, is a full-service law firm with a significant gaming practice focused on land-based, online, and tribal clients.
  • LOTREC Games, based in Orange, France, features a new copyrighted series of Class III casino table games aimed to boost the overall casino table games industry.
  • MicroTouch TES, based in Holland, Michigan, is a global provider of touch display modules and all-in-one multi-touch computer systems.
  • Passport Technology, based in Glendale, California, is a leading developer of technology-based solutions and services for the highly regulated payments, gaming, and financial services markets.
  • Play’n GO, based in Malta, is a leading software development company to operators in the gambling industry with more than 500 employees at hubs in the UK, Malta, Sweden, Hungary and the Philippines.
  • SuperBook Sports, based in Las Vegas with operations in multiple states, is a leader in the in-person and mobile app sports betting markets.
  • Theatro, based in Richardson, Texas, features a solution that enables employees in gaming, hospitality and retail to enhance customer service through the power of voice.

AGEM is a non-profit international technology trade association representing manufacturers and suppliers of electronic gaming devices, lotteries, systems, iGaming / online, game content, table games, sports betting, key components and support products and services for the gaming industry. AGEM works to further the interests of gaming equipment suppliers throughout the world. Through political action, regulatory influence, trade show partnerships, educational alliances, information dissemination and good corporate citizenship, the members of AGEM work together to create benefits for every company within the organization. Together, AGEM has assisted regulatory agencies and participated in the legislative process to solve problems and create a business environment where AGEM members can prosper while providing a strong level of support to education and responsible gaming initiatives.


Svenska Spel takes Harvest Wilds by Hacksaw Gaming live exclusively!


 

Hacksaw Gaming’s Harvest Wilds slot has launched today exclusively with Swedish state-owned operator Svenska Spel Sport & Casino, 2 weeks before the official network-wide launch.

The exclusive agreement will see players at Svenska Spel Sport & Casino able to play this new harvest farm-produce themed 7×7 grid slot, featuring a max win of up to 10,000x. Harvest Wilds has a Hoppers™ sunflower multiplier symbol that can grow in value and is also wild!

The partnership between Hacksaw and Svenska Spel, which has been made possible by Scientific Gaming’s OGS platform, has been growing from strength to strength since the launch in November 2021.

Commenting on the exclusive game release Marcus Cordes, COO at Hacksaw Gaming said: “We’re excited to partner with Svenska Spel for the exclusive early launch of Harvest Wilds, which we feel is another strong game to add to our portfolio of slots. It’s very important to us for leading operators, especially in regulated markets, to see the potential in our portfolio and want to partner to ensure they have our content in their markets before the rest of our network. We look forward to this partnership growing furthermore in the months to come.”

Aside from this exclusive game, which will be live from 19th January 2022, Svenska Spel Sport & Casino already has all of Hacksaw Gaming’s standard slot content live, which includes hit titles Wanted Dead or a Wild, Chaos Crew and Joker Bombs.

Niklas Örtbrant, Head of Online Casino from Svenska Spel Sport & Casino, said: “We have had a great start of our partnership with Hacksaw Gaming and we can see that their quality games are a perfect match in our portfolio of games and for our customers. To be able to launch an exclusive early launch of Harvest Wilds is another milestone that we are sure our players will be excited to try out.”

Harvest Wilds will be made available network-wide on 2nd February 2022. This will be Hacksaw Gaming’s 3rd game release in 2022 so far.
