Non-Bonus Complaint Cherry Jackpot / Casino Max personal data issue

milemaster

Dormant account
Joined
Aug 24, 2005
Location
Yarnbombing, Phlugerstan
Hello all,

I don't want to be overly dramatic here, but my experience with the casino group that runs Cherry Jackpot and Casino Max is super alarming. In my two decades of gambling online I have never seen anything as scary as what I've experienced yesterday and today.

Long story short, I sent my verification documents into their support alias [email protected] and received an autoreply that it was received. My documents consisted of a single PDF that had my driver's license, utility bill, and front and back of the credit cards I used.

A few minutes later I received a reply from their support indicating they will present my documents to the banking group, and included with that email was a direct url <snipped URL>..... (sensitive url hidden) that linked directly to my PDF file.

THERE IS NO AUTHENTICATION IN FRONT OF IT. Anyone can use that link and view all of my personal data I sent over and it's just on the internet. I tried it on 2 different computers with 3 different browsers, including my mobile phone and my documents downloaded and appeared.

I contacted support and was told not to worry as there is only risk if someone finds out the URL goes to it. The odds of someone "figuring it out is unlikely"

This is unbelievably reckless to not put a password in front of it. My suggestion would be if you played at their casinos to check the confirmation emails you received when you sent your personal information and look for a link at the base of the email that begins with downloads.intercomcdn.com and click on it to see if your information comes up too.

Again, this can be accessed outside of their casino, your email box.. anyone with a browser on a device on the internet can view it. I know this casino is accredited, but to not put at least a password in front of it is pure idiocy.
 
Last edited by a moderator:

Casinomeister

Forum Cheermeister
Staff member
Joined
Jun 30, 1998
Location
Bierland
Dude, that URL was unique to you - and only you. You're the one being reckless here :p

This was up for only 20 minutes, but you may have compromised your cards if Google spidered this during that time. Please check.
 

milemaster

Dormant account
Joined
Aug 24, 2005
Location
Yarnbombing, Phlugerstan
Dude, that URL was unique to you - and only you. You're the one being reckless here :p

This was up for only 20 minutes, but you may have compromised your cards if Google spidered this during that time.

I stripped out half the URL before I posted it here and tested it. Ed Skull is incorrect. On the internet, there is no such thing as a link that is unique to anybody unless there is authentication in front of it. Putting people's data up on a public open CDN is crazy.
 

Karolina-CasinoMax

Accredited Casino Representative
Joined
Mar 3, 2017
Location
UK
Hi milemaster,

I can assure you and everyone else that any data provided to us is secured.

The link in the email was unique to you and no one else would have access to it if you didn’t share it publicly.

Ed skull murphy was correct - the link wasn’t edited therefore was active for anyone to view. By posting this unique link on here you compromised your own data.

Kind Regards,
Karolina
 

milemaster

Dormant account
Joined
Aug 24, 2005
Location
Yarnbombing, Phlugerstan
I can assure you and everyone else that any data provided to us is secured.
That cannot be true if there is no security in front of the public URL your system is generating. There are automated tools out there that crawl CDNs that are no joke. Put a password in front of it or at least let the players know before submitting personal data that it will be put online in some form.

The link in the email was unique to you and no one else would have access to it if you didn’t share it publicly. Ed skull murphy was correct - the link wasn’t edited therefore was active for anyone to view. By posting this unique link on here you compromised your own data.
I didn't share it publicly here or anywhere. You didn't try the link obviously because I tested it thoroughly after I modified it and posted it. Unbelievable.
 

Casinomeister

Forum Cheermeister
Staff member
Joined
Jun 30, 1998
Location
Bierland
...

I didn't share it publicly here or anywhere. You didn't try the link obviously because I tested it thoroughly after I modified it and posted it. Unbelievable.
@milemaster I had just got back from dinner and saw this post. The link was live and your info was compromised. ID, bank info, and credit cards. Why did you post that link here knowing that it was showing your ID docs?? Again as stated before, this link was privy to you and you alone until you posted it. Why post it in a public thread??? That was a pdf file that Google may have saved if they spidered this thread - as I mentioned.

If I were you, I'd have those cards cancelled.
 

Karolina-CasinoMax

Accredited Casino Representative
Joined
Mar 3, 2017
Location
UK
That cannot be true if there is no security in front of the public URL your system is generating. There are automated tools out there that crawl CDNs that are no joke. Put a password in front of it or at least let the players know before submitting personal data that it will be put online in some form.


I didn't share it publicly here or anywhere. You didn't try the link obviously because I tested it thoroughly after I modified it and posted it. Unbelievable.




Hi milemaster,

You are wrong, the link that you posted was private until you pasted it on Casinomeister, you did share it and made it public.
I clicked on the link as did Casinomeister and ed skull murphy and we all got your information, that is why Casinomeister removed the link.

Kind Regards,
Karolina
 

colinsunderland

Experienced Member
webmeister
MM
Joined
Jan 28, 2016
Location
uk
Hi milemaster,

I can assure you and everyone else that any data provided to us is secured.

The link in the email was unique to you and no one else would have access to it if you didn’t share it publicly.

Ed skull murphy was correct - the link wasn’t edited therefore was active for anyone to view. By posting this unique link on here you compromised your own data.

Kind Regards,
Karolina

Am I reading this right? You upload scanned copies of ID which are then accessible to anyone who has the URL (or a scraper/crawler) with no password protection on any of the files?
That's secure?
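
Added example, not part of the thread and not the casino's or the CDN's code: one way a document link can be bound to an account and an expiry time, so that a copy of the URL alone does not open the file. The host `files.example.test`, the query parameters `u`, `exp` and `sig`, the signing key and the account IDs are all assumptions made up for the illustration.

```python
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key (assumption); a real service loads it from a secret store.
SIGNING_KEY = b"constructed-demo-key"


def _mac(path, user, expires, key):
    # A JSON array gives an unambiguous encoding of the three signed fields.
    msg = json.dumps([path, user, expires]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_download_url(path, user, expires, key=SIGNING_KEY):
    """Build a link bound to one account and one expiry time (Unix seconds)."""
    query = urlencode({"u": user, "exp": expires, "sig": _mac(path, user, expires, key)})
    return f"https://files.example.test{path}?{query}"  # hypothetical host


def check_download(url, session_user, now, key=SIGNING_KEY):
    """Return 'allow', or the reason the request is refused."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        user, expires, sig = q["u"][0], int(q["exp"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return "deny: malformed link"
    expected = _mac(parts.path, user, expires, key)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "deny: bad signature"
    if now >= expires:
        return "deny: link expired"
    if session_user != user:
        # Possessing the link is not enough: the requester must be logged in
        # as the account the link was issued to.
        return "deny: not logged in as link owner"
    return "allow"
```

With a check like this, a link pasted into a public thread or picked up by a crawler is refused for anyone without the owner's session, and for everyone once it has expired.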
 

milemaster

Dormant account
Joined
Aug 24, 2005
Location
Yarnbombing, Phlugerstan
@milemaster I had just got back from dinner and saw this post. The link was live and your info was compromised. ID, bank info, and credit cards. Why did you post that link here knowing that it was showing your ID docs?? Again as stated before, this link was privy to you and you alone. Why post it in a public thread??? That was a pdf file that Google may have saved if they spidered this thread - as I mentioned. If I were you, I'd have those cards cancelled.

I appreciate the heads up if that was the case, wow. Clearly done in error on my part as I tested it, so I thought.

Karolina - I would appreciate my personal information to be purged from the CDN. Can that be done please?
 

Karolina-CasinoMax

Accredited Casino Representative
Joined
Mar 3, 2017
Location
UK
I appreciate the heads up if that was the case, wow. Clearly done in error on my part as I tested it, so I thought.

Karolina - I would appreciate my personal information to be purged from the CDN. Can that be done please?

Hi milemaster,

The link is disabled - no longer exists. File removed.

Kind Regards,
Karolina
 