A casino group that operates on the web and which is based in Cyprus and Curacao accidentally left 108 million casino transactions unsecured on their server, not protecting it with a password. This also included details about users who participated in this activity.
Elastic Search Server Problem
According to ZDNet’s article, the casino company used Elastic Search server which is a piece of software that is usually installed on the website for the purpose of indexing and searching. In fact, it is usually installed on internal networks, and the one which made it to the network of the company was left without a password which immediately resulted in leaked data.
The whole thing was noticed by Justin Paine, who is a security researcher, and who managed to come across the server that was exposed. He then determined that the server contains data from an online casino which is run by the betting group that also runs a couple of other casinos and betting sites popular among the punters and casino game players. The type of transactions that were exposed were mainly ones for “classic cards and slot games”, as stated in the article on ZDNet.
Some domain names that were connected to this security breach are viproomcasino.net, easybet.com, azur-casino.com, and kahunacasino.com. Some of these casinos are actually a part of the same company that is currently located in Limassol, Cyprus. What’s interesting is that all of the sites above had the same license issued by the government of Curacao. This is why you should always make sure you’re putting your money in trusted casinos and do your research before depositing.
What Information was Included?
The leak of betting information contained additional info that contained names, emails, phone numbers, physical addresses, usernames, OS details, IP addresses, and even balances of each account on the platforms mentioned above. Furthermore, everyone was able to access the log-in details and the history of played games for each individual account.
In other words, users were quite exposed and there was a huge risk of the info being stolen by hackers. Luckily, the data is now secured and not exposed to anyone. The team at ZDNet decided to contact the online portals that were listed in the breach report but received no response whatsoever.
The Dangers of the 21st Century
There are solid security systems that make our info secured on the web, but we should spread awareness of online threats similar to the one mentioned above. All it takes is for someone not to set the password, and expose all our info. We leave private details on the web almost every day, and we should pay special attention to the sites which include transactions.