Data processed by an online betting group are exposed; compromised files include more than 100 million of user records and their bets and earnings
Dozens, even hundreds of reports about data security incidents that compromise the personal information of millions of people are presented daily. According to experts in network security and ethical hacking from the International Institute of Cyber Security, the most recent victim of a massive data leaking is an online casino, as it has leaked information related to more than 100 million of operations in the casino, including the gamblers’ personal information.
Among the information leaked, according to experts in network security, there are:
- Users’ actual names
- Email addresses
- Dates of birth
- Login information, used games, bets, deposits and withdrawals
- Payment card details
Early investigations into the incident indicate that the leaked data was stored on an ElasticSearch server exposed online without the necessary security measures.
ElasticSearch implementations are usually installed in organizations’ internal networks, although a poorly configured system can be exposed online, commented the network security specialists. Justin Paine, a cybersecurity researcher, found the leaked data after detecting this misconfigured ElasticSearch instance.
Paine believes that these data come from multiple web domains: “Although only one server was discovered, this ElasticSearch instance contained a large amount of information, probably added from multiple sites,” commented the expert.
“After analyzing the URLs detected on the server, we concluded that all domains hosted online casinos where users could bet on card games, virtual slots and other betting games.” All domains analyzed (kahunacasino.com, azur-casino.com, easybet.com and viproomcasino.net) belong to online casinos.
All the companies involved in this incident are in the same building located in Cyprus, they also operate under the same electronic gambling license issued by the Government of Curaçao, which makes researchers suppose that all these sites are operated by the same entity.
According to the expert, the file did not host complete financial information, but only a few details. However, he also highlights that among the leaked data is the information of players who have earned considerable sums on these sites, which could be used in spam campaigns or even extortion, so that potentially compromised users must remain attentive to any hint of cyber attack.