[BreachExchange] Did you win at online casinos? Watch out, your data might have had exposed online

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jan 22 20:20:26 EST 2019


https://securityaffairs.co/wordpress/80173/data-breach/online-casinos-data-leak.html

Data belonging to online casinos found exposed online on unprotected
Elastic search instance, it includes info on 108 million bets and user
details

Data breaches are an ordinary issue, this time an online casino group
leaked information about 108 million bets including user details.

Leaked data includes personal information and payment card details,
including real names, home addresses, phone numbers, email addresses, birth
dates, site usernames, account balances, IP addresses, browser and OS
details, last login information, and a list of played games, deposits, and
withdrawals.

According to ZDNet, that first reported the news, data was stored in an
ElasticSearch server exposed online without a password.

ElasticSearch instances are normally installed on internal networks, but
sometimes misconfigured systems are exposed online.

The leaked data were discovered by the security researcher Justin Paine
that spotted the unsecured ElasticSearch server that was containing data
apparently from an online betting portal.

The data appears to be the result of aggregation from multiple web domains.

“Despite being one server, the ElasticSearch instance handled a huge swathe
of information that was aggregated from multiple web domains, most likely
from some sort of affiliate scheme, or a larger company operating multiple
betting portals.” states ZDNet.

“After an analysis of the URLs spotted in the server’s data, Paine and
ZDNet concluded that all domains were running online casinos where users
could place bets on classic cards and slot games, but also other
non-standard betting games.”

All the domains present in the data leak belong to online casinos (i.e.
kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net),
some of them were no standard betting games.

All the companies involved in the data leak are located in the same
building in Limassol, Cyprus, or were operating under the same eGaming
license number issued by the government of Curacao, a circumstance that
suggest they were operated by the same entity.

According to the expert, the huge archive was not containing full financial
details, but ZDNet pointed out anyone who found the database would have
known the personal information of players who recently won large sums of
money and could use them to carry out malicious activities against these
users, including scams or extortion attempts.

“It’s down finally. Unclear if the customer took it down or if OVH
firewalled it off for them,” Paine told ZDNet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20190122/664a6375/attachment.html>


More information about the BreachExchange mailing list