Online Casino Group Data Leak Uncovered
By Brian Cullingworth, Last updated Jan 25, 2019
Claims ElasticSearch server exposed with no password protection
A security researcher from web performance and security firm, CloudFlare, has reportedly uncovered a data leak of an unidentified online casino group’s user details and information on 108 million bets.
The breach discovered by security researcher Justin Paine and reported by ZDNet, details a data leak from an ElasticSearch server that was left exposed online and without a password.
“ElasticSearch is a portable, high-grade search engine that companies install to improve their web apps’ data indexing and search capabilities,” the ZDNet report explains.
“Such servers are usually installed on internal networks and are not meant to be left exposed online, as they usually handle a company’s most sensitive information.”
Paine surmised that despite being one server, the information was aggregated from multiple web domains, most likely from some sort of affiliate scheme, or a larger company operating multiple betting portals.”
Domains mentioned in the report include kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, among many others.
Further investigation revealed some of the domains were owned by the same company, while others were owned by companies located in the same building in Cyprus, or were operating under the same Curacao eGaming license suggesting that they were most likely operated by the same entity, Paine said.
According to ZDNet, sensitive user data was leaked from this common ElasticSearch server including real names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, last login information, and a list of played games.
“Furthermore, Paine also found roughly 108 million records containing information on current bets, wins, deposits, and withdrawals. Data on deposits and withdrawals also included payment card details,” the report reads, going on to say that the payment card details were fortunately partially redacted.
Read the full report here:
https://www.zdnet.com/article/online-casino-group-leaks-information-on-108-million-bets-including-user-details/
Infopowa news was a staple of Casinomeister’s news from 2000 until 2019. Brian Cullingworth was the main writer, contributor, and was one of the most knowledgeable persons I have ever known involved in the online casino industry.
We first met in January 2001 at the ICE in London where I observed him going booth to booth interviewing online casino, software, and licensing jurisdiction representatives. Brian was also heavily involved with our forum as “Jetset“, he was involved as an informal consultant to eCOGRA, the OPA, and was a player advocate who assisted countless aggrieved players with his connections to industry folks. He also published “Casino Cautions” via Infopowa news for quite a number of years. These can be found in our news archives.
His passing in February 2019 was a dark day for us. He will be forever missed.
Top 5 casinos
