More than 108 million records of online casino players’ bets, wins, deposits, and withdrawals have been put at risk in the wake of a large data breach involving a casino group. Customers’ personal data have also been exposed.
Security researcher Justin Paine was the one who spotted the data leak from an ElasticSearch server. Apparently, the server he found was not protected by a password, so the data was pretty much exposed to hackers and scammers.
Paine said the unsecured server he found contained information from an online betting portal. After analysing the server, he found that it aggregated data from multiple web domains that were running online casinos and other non-standard betting games.
Kahunacasino.com, easybet.com, viproomcasino.net, and azur-casino.com are just some of the domains involved in the data breach. Some of the domains were owned by companies based in Limassol, Cyprus. Others were operating under a license issued by the government of Curacao, according to ZDNet.
What’s worrying about the breach is that it left a lot of sensitive information exposed. Customers’ real names, home addresses, email addresses, birth dates, phone numbers, site usernames, account balances, IP addresses, browser used, OS information, and played games have all been leaked.
Fortunately, Paine found that users’ payment card details were partially redacted. This means full financial details of online casino players are still safe. Nevertheless, casino clients could be an easy target for scams or extortion schemes because their personal data were unprotected.
The data breach has since been addressed. The leaky server went offline and is no longer accessible to anyone. However, it’s not clear if the parent company of the online casinos has notified all clients about the data leak.