The #1 Resource for aussie gambling!
  • Safe & Secure Sites
  • 100's of Free Games
  • Expert Casino Reviews

The #1 Resource for aussie gambling!

Information leaked on more than 108 million online bets

Wed, Jan 23, 12:09pm by Staff Writer

An online casino group has leaked information on more than 108 million bets, including details about customers’ personal information, deposits and withdrawals according to Bleeping Computer.

An unsecured ElasticSearch database was discovered exposing the details, which also included the bettors’ address, email address and partial credit card numbers.

ElasticSearch is a portable, high-grade search engine that companies install to improve their web apps’ data indexing and search capabilities.

Such servers are usually installed on internal networks and are not meant to be left exposed online, as they usually handle a company’s most sensitive information.

The man who discovered the data, security research Justin Paine accessed the information online without a password.

Despite being just one server, the ElasticSearch portal handled an array of information that was aggregated from multiple web domains, most likely from an affiliate scheme or a larger company with multiple betting portals.

Some of the domains that Mr Paine spotted included,, and to name a few.

After analysing the URLs spotted in the server’s data, ZDNet and Paine concluded that all domains were running online casinos where users could bet on classic card and slot games, but also other non-standard betting games.

Some research discovered that some of the domains were owned by companies located in the same building in Limassol, Cyprus. The parent company in question is called Mountberg Limited.

Others were operating under the same eGaming license number issued by the government of Curacao, a small island in the Caribbean, with license number 1668/JAZ.

A Mountberg Limited spokesperson replied to ZDNet’s request for comment with the following statement.

“I would like to start by thanking Justin Paine not only for identifying the issue, but also for attempting to assist us in resolving it.”

“This event is one that should benefit both our company and the iGaming industry as a whole in the future. We work in a dynamic and ever changing technological environment that is progressing at a rapid rate.”

“Cyber Security is a vital element of every online company in this current technological paradigm and we pride ourselves as being at the forefront of technological developments.”

The good news to come from this data breach is that the payment card details indexed in the ElasticSearch server were partially redacted and they were not exposing the user’s full financial details.

The bad news is that anyone who found the database would have known the names, home addresses and phone numbers of players who recently won large sums of money. This could be used to target users as part of scam or extortion schemes.

ZDNet reached out with emails to all online portals whose data Paine identified in the leaky server.

“It’s down finally. Unclear if the customer took it down or if OVH firewalled it off for them,” Paine told ZDNet after he reached out to the cloud provider last week.

Data breaches are common in online gambling

Betting companies being embroiled in data breaches is nothing new, with UK giant Paddy Power admitting hackers stole personal details from more than 600,000 customers in a cyber attack in 2010.

The data hacked by a man in Canada included the name, username, postal address, email address, phone number, date of birth and security questions and answers of customers. The company denied that credit or debit card details were compromised according to The Telegraph.

Gibraltr-based BetVictor left a password list for its internal systems on its website for anyone to find in 2018.

The two-page document contained links to back office systems, including usernames and passwords.

Many of the systems were accessible externally – though, none of the credentials were tested to avoid breaking computer hacking laws, ZDNet said.

More News

  • UK bans credit card gambling from April
    UK bans credit card gambling from April

    The UK Gambling Commission is banning people from using credit cards to place bets in an attempt to curb problem gambling. The…

  • Japanese lawmaker indicted on fresh charges
    Japanese lawmaker indicted on fresh charges

    A Japanese lawmaker who played an instrumental role in the legalisation and promotion of casino gambling has been indicted on bribery charges.…

  • Delta Corp makes mark in Nepal
    Delta Corp makes mark in Nepal

    India’s largest casino operator has been granted a gaming licence in Nepal. Inkedin reports that Delta Corp has finally secured the gaming…

See All News