
Online Casino Group Leaks Information on 108 Million Bets, Including User Details (zdnet.com)

An online casino group has leaked information on over 108 million bets, including details about customers' personal information, deposits, and withdrawals, ZDNet has learned. From the report: The data leaked from an ElasticSearch server that was left exposed online without a password, Justin Paine, the security researcher who discovered the server, told ZDNet. ElasticSearch is a portable, high-grade search engine that companies install to improve their web apps' data indexing and search capabilities. Last week, Paine came across one such ElasticSearch instance that had been left unsecured online with no authentication to protect its sensitive content. From a first look, it was clear to Paine that the server contained data from an online betting portal.

[...] After an analysis of the URLs spotted in the server's data, Paine and ZDNet concluded that all domains were running online casinos where users could place bets on classic cards and slot games, but also other non-standard betting games. Some of the domains that Paine spotted in the leaky server included kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, just to name a few.

  • by DavenH ( 1065780 ) on Monday January 21, 2019 @12:51PM (#57996738)
    Was embedding part of their salesman script really necessary?
  • Of course, IT security costs money. So what do you do when you already run a hugely profitable online gambling establishment? Right, you get stingy on IT security, so you can rake 0.00001% more cash (or so)!

    Seriously, it is time for severe civil and criminal penalties when this happens, and no excuses.

  • Thought it said "108 million BATS" and was puzzling that one out...

  • "The data leaked from an ElasticSearch server that was left exposed online without a password,"

    Their security seemed to have some elasticity I bet.

  • The article says "included a lot of sensitive information, such as real names, home addresses ... it is unclear ... if anyone outside the security researcher accessed the leaky server." Suppose my information had been stored on that server. Should I feel less violated if the person accessing it self-identifies as a "security researcher" rather than a "PII tourist"? Might a reasonable process start with: as soon as you notice the initial bits of non-public data, contact the hosting provider or applicable CSI
    • It's like when you accidentally see your neighbor naked through the window. You have to stare for a few minutes to make sure your eyes aren't playing tricks, and you finish masturbating, before you tell everyone else what you saw.
  • This will make it easy to verify whether or not they're being honest.
