Online casino group leaks information on 108 million bets, including user details

An online casino group has leaked information on over 108 million bets, including details about customers' personal information, deposits, and withdrawals, ZDNet has learned.

I didn't write up this leak here, but:

https://www.zdnet.com/article/online-casino-group-leaks-information-on-108-million-bets-including-user-details/

and

https://www.bleepingcomputer.com/news/security/online-casino-database-leaks-details-of-over-100-million-bets/

From ZDNet:

"An online casino group has leaked information on over 108 million bets, including details about customers' personal information, deposits, and withdrawals, ZDNet has learned."

"After an analysis of the URLs spotted in the server's data, Paine and ZDNet concluded that all domains were running online casinos where users could place bets on classic cards and slot games, but also other non-standard betting games.

Some of the domains that Paine spotted in the leaky server included kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, just to name a few.

After some digging around, some of the domains were owned by the same company, but others were owned by companies located in the same building at an address in Limassol, Cyprus, or were operating under the same eGaming license number issued by the government of Curacao --a small island in the Caribbean-- suggesting that they were most likely operated by the same entity."

From BleepingComputer:

The exposed data included the personal information of a bettor, the affiliates who referred them to the site, their balances, deposits, withdrawals, and bets.

While payment details were redacted, the data contained highly personal information about millions of bettors. This information could have been used to scam individuals, perform identity theft, or to try and gain access to the user's accounts via social engineering.

In order to prevent this database from being used for malicious purposes, BleepingComputer had decided to not publish this story until the database was secured.

From ZDNet – UPDATE, January 22:

A Mountberg Limited spokesperson has replied to ZDNet's request for comment with the following statement:

I would like to start by thanking Justin Paine not only for identifying the issue, but also for attempting to assist us in resolving it. This discovery of his enabled us to take prompt action to secure our clients' information avoiding any potential data spread. We are also grateful that it was Justin to discover this through his extensive expertise, as opposed to any other parties with less integrity and potential malicious intentions. Through this we were able to act in time and avoid sensitive data to be exposed or leaked further.

This event is one that should benefit both our company and the iGaming industry as a whole in the future. We work in a dynamic and ever changing technological environment that is progressing at a rapid rate. Cyber Security is a vital element of every online company in this current technological paradigm and we pride ourselves as being at the forefront of technological developments. The identification of this issue has allowed our company to reassess the nature of our security protocols and procedures and we feel that, in the longer term having this occur will only strengthen our defences against such instances in the future. Furthermore, this should ensure that ourselves and other industry players can learn together and adapt our best practices and principles when it comes to situations with tangible risk. We see every identified, and unidentified, problem as an opportunity to grow.