1. By continuing to use the site, you agree to the use of cookies .This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the cookie policy.Find out more.
    Dismiss Notice
  2. Dismiss Notice
  3. Follow Casinomeister on Twitter | Facebook | YouTube | Casinomeister.us US Residents Click here! |  Svenska Svenska | 
Dismiss Notice
REGISTER NOW!! Why? Because you can't do diddly squat without having been registered!

At the moment you have limited access to view most discussions: you can't make contact with thousands of fellow players, affiliates, casino reps, and all sorts of other riff-raff.

Registration is fast, simple and absolutely free so please, join Casinomeister here!

Non-Bonus Complaint Cherry Jackpot / Casino Max personal data issue

Discussion in 'Casino Complaints - Non-Bonus Issues' started by milemaster, Jun 4, 2018.

    Jun 4, 2018
  1. milemaster

    milemaster Senior Member

    Occupation:
    Ego Enhancement Consultant
    Location:
    Yarnbombing, Phlugerstan
    Hello all,

    I don't want to be overly dramatic here, but my experience with the casino group that runs Cherry Jackpot and Casino Max is super alarming. In my two decades of gambling online I have never seen anything as scary as what I've experienced yesterday and today.

    Long story short, I sent my verification documents into their support alias This email is not visible to you. and received an autoreply it was received. My documents consisted of a single PDF that had my drivers license, utility bill. and front and back of the credit cards I used.

    A few minutes later I received a reply from their support indicating they will present my documents to the banking group, and included with that email was a direct url <snipped URL>..... (sensitive url hidden) that linked directly to my PDF file.

    THERE IS NO AUTHENTICATION IN FRONT OF IT. Anyone can use that link and view all of my personal data I sent over and it's just on the internet. I tried it on 2 different computers with 3 different browsers, including my mobile phone and my documents downloaded and appeared.

    I contacted support and was told not to worry as there is only risk if someone finds out the URL goes to it. The odds of someone "figuring it out is unlikely"

    This is unbelievably wreckless to not put a password in front of it. My suggestion would be if you played at their casinos to check the confirmation emails you received when you sent your personal information and look for a link at the base of the email that begins with downloads.intercomcdn.com and click on it to see if your information comes up too.

    Again, this can be accessed outside of their casino, your email box.. anyone with a browser on a device on the internet can view it. I know this casino is accredited, but to not put at least a password in front of it is pure idiocy.
     
    Last edited by a moderator: Jun 4, 2018
    Jasminebed and dionysus like this.
  2. Jun 4, 2018
  3. dionysus

    dionysus can turn wine into water CAG MM

    Occupation:
    n/a
    Location:
    I'm a Canucklehead
    I've flagged @maxd so as not be confused with official CM warnings
     
  4. Jun 4, 2018
  5. ed skull murphy

    ed skull murphy Trollish behavior - quit the forum

    Occupation:
    N/A
    Location:
    Albion
    I think you should edit that link, it is still live for members.
     
    dionysus likes this.
  6. Jun 4, 2018
  7. Casinomeister

    Casinomeister Forum Cheermeister Staff Member

    Occupation:
    Homemaker
    Location:
    Bierland
    Dude, that URL was unique to you - and only you. You're the one being reckless here :p

    This was up for only 20 minutes, but you may have compromised your cards if Google spidered this during that time. Please check.
     
    Jasminebed likes this.
  8. Jun 4, 2018
  9. milemaster

    milemaster Senior Member

    Occupation:
    Ego Enhancement Consultant
    Location:
    Yarnbombing, Phlugerstan
    I stripped out half the URL before I posted it here and tested it. Ed Skull is incorrect. On the internet, there is no such thing as a link that is unique to anybody unless there is authentication in front of it. Putting people's data up on a public open CDN is crazy.
     
    Last edited: Jun 4, 2018
  10. Jun 4, 2018
  11. Karolina-CasinoMax

    Karolina-CasinoMax Accredited Casino Representative

    Occupation:
    Casino Manager
    Location:
    UK
    Hi milemaster,

    I can assure you and everyone else that any data provided to us is secured.

    The link in the email was unique to you and no one else would have access to it if you didn’t share it publicly.

    Ed skull murphy was correct - the link wasn’t edited therefore was active for anyone to view. By posting this unique link on here you compromised your own data.

    Kind Regards,
    Karolina
     
  12. Jun 4, 2018
  13. milemaster

    milemaster Senior Member

    Occupation:
    Ego Enhancement Consultant
    Location:
    Yarnbombing, Phlugerstan
    That cannot be true if there is no security in front of the public URL your system is generating. There are automated tools out there that crawl CDNs that are no joke. Put a password in front of it or at least let the players know that before submitting personal data that it will be put online in some form.

    I didn't share it publicly here or anywhere. You didn't try the link obviously because I tested it thoroughly after I modified it and posted it. Unbelievable.
     
  14. Jun 4, 2018
  15. Casinomeister

    Casinomeister Forum Cheermeister Staff Member

    Occupation:
    Homemaker
    Location:
    Bierland
    @milemaster I had just got back from dinner and saw this post. The link was live and your info was compromised. ID, bank info, and credit cards. Why did you post that link here knowing that it was showing your ID docs?? Again as stated before, this link was privy to you and you alone untill you posted it. Why post it in a public thread??? That was a pdf file that Google may have saved if they spidered this thread - as I mentioned.

    If I were you, I've have those cards cancelled.
     
    Karolina-CasinoMax likes this.
  16. Jun 4, 2018
  17. Karolina-CasinoMax

    Karolina-CasinoMax Accredited Casino Representative

    Occupation:
    Casino Manager
    Location:
    UK
    Hi milemaster,

    You are wrong, the link that you posted was private until you pasted it on Casinomeister, you did share it and made it public.
    I clicked on the link as did Casinomeister and ed skull murphy and we all got your information, that is why Casinomeister removed the link.

    Kind Regards,
    Karolina
     
  18. Jun 4, 2018
  19. colinsunderland

    colinsunderland Experienced Member MM webmeister

    Occupation:
    affiliate
    Location:
    uk
    Am I reading this right? You upload scanned copies of ID which are then accessible to anyone who has the URL (or a scraper/crawler) with no password protection on any of the files?
    That's secure?
     
  20. Jun 4, 2018
  21. milemaster

    milemaster Senior Member

    Occupation:
    Ego Enhancement Consultant
    Location:
    Yarnbombing, Phlugerstan
    I appreciate the heads up if that was the case, wow. Clearly done in error on my part as I tested it, so I thought.

    Karolina - I would appreciate my personal information to be purged from the CDN. Can that be done please?
     
  22. Jun 5, 2018
  23. Karolina-CasinoMax

    Karolina-CasinoMax Accredited Casino Representative

    Occupation:
    Casino Manager
    Location:
    UK
    Hi milemaster,

    The link is disabled - no longer exists. File removed.

    Kind Regards,
    Karolina
     
    milemaster and colinsunderland like this.

Share This Page