Claims ElasticSearch server exposed with no password protection
A security researcher from web performance and security firm, CloudFlare, has reportedly uncovered a data leak of an unidentified online casino group’s user details and information on 108 million bets.
The breach discovered by security researcher Justin Paine and reported by ZDNet, details a data leak from an ElasticSearch server that was left exposed online and without a password.
“ElasticSearch is a portable, high-grade search engine that companies install to improve their web apps’ data indexing and search capabilities,” the ZDNet report explains.
“Such servers are usually installed on internal networks and are not meant to be left exposed online, as they usually handle a company’s most sensitive information.”
Paine surmised that despite being one server, the information was aggregated from multiple web domains, most likely from some sort of affiliate scheme, or a larger company operating multiple betting portals.”
Domains mentioned in the report include kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, among many others.
Further investigation revealed some of the domains were owned by the same company, while others were owned by companies located in the same building in Cyprus, or were operating under the same Curacao eGaming license suggesting that they were most likely operated by the same entity, Paine said.
According to ZDNet, sensitive user data was leaked from this common ElasticSearch server including real names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, last login information, and a list of played games.
“Furthermore, Paine also found roughly 108 million records containing information on current bets, wins, deposits, and withdrawals. Data on deposits and withdrawals also included payment card details,” the report reads, going on to say that the payment card details were fortunately partially redacted.
Read the full report here: