Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Did you win at online casinos? Watch out, your data might have had exposed online

Data belonging to online casinos found exposed online on unprotected Elastic search instance, it includes info on 108 million bets and user details Data breaches are an ordinary issue, this time an online casino group leaked information about 108 million bets including user details. Leaked data includes personal information and payment card details, including real […]

online casinos-player-info

Data belonging to online casinos found exposed online on unprotected Elastic search instance, it includes info on 108 million bets and user details

Data breaches are an ordinary issue, this time an online casino group leaked information about 108 million bets including user details.

Leaked data includes personal information and payment card details, including real names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, last login information, and a list of played games, deposits, and withdrawals.

online casinos-player-info
Source ZDNet

According to ZDNet, that first reported the news, data was stored in an ElasticSearch server exposed online without a password.

ElasticSearch instances are normally installed on internal networks, but sometimes misconfigured systems are exposed online.

The leaked data were discovered by the security researcher Justin Paine that spotted the unsecured ElasticSearch server that was containing data apparently from an online betting portal.

The data appears to be the result of aggregation from multiple web domains.

“Despite being one server, the ElasticSearch instance handled a huge swathe of information that was aggregated from multiple web domains, most likely from some sort of affiliate scheme, or a larger company operating multiple betting portals.states ZDNet.

“After an analysis of the URLs spotted in the server’s data, Paine and ZDNet concluded that all domains were running online casinos where users could place bets on classic cards and slot games, but also other non-standard betting games.”

All the domains present in the data leak belong to online casinos (i.e.
kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net), some of them were no standard betting games.

All the companies involved in the data leak are located in the same building in Limassol, Cyprus, or were operating under the same eGaming license number issued by the government of Curacao, a circumstance that suggest they were operated by the same entity.

According to the expert, the huge archive was not containing full financial details, but ZDNet pointed out anyone who found the database would have known the personal information of players who recently won large sums of money and could use them to carry out malicious activities against these users, including scams or extortion attempts.

“It’s down finally. Unclear if the customer took it down or if OVH firewalled it off for them,” Paine told ZDNet.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – data leak, online casinos)

[adrotate banner=”5″] [adrotate banner=”13″]