The #1 Resource for aussie gambling!
  • Safe & Secure Sites
  • 100's of Free Games
  • Expert Casino Reviews

Information leaked on more than 108 million online bets

Wed, Jan 23, 12:09pm by Staff Writer

An online casino group has leaked information on more than 108 million bets, including customers’ personal information, deposits and withdrawals, according to Bleeping Computer.

An unsecured ElasticSearch database was discovered exposing the details, which also included bettors’ home addresses, email addresses and partial credit card numbers.

ElasticSearch is a portable, high-grade search engine that companies install to improve their web apps’ data indexing and search capabilities.

Such servers are usually installed on internal networks and are not meant to be left exposed online, as they usually handle a company’s most sensitive information.

The man who discovered the data, security researcher Justin Paine, accessed the information online without a password.

Despite being just one server, the ElasticSearch portal handled an array of information that was aggregated from multiple web domains, most likely from an affiliate scheme or a larger company with multiple betting portals.

The domains that Mr Paine spotted included kahunacasino.com, azur-casino.com, easybet.com and viproomcasino.net, to name a few.

After analysing the URLs spotted in the server’s data, ZDNet and Paine concluded that all domains were running online casinos where users could bet on classic card and slot games, but also other non-standard betting games.

Further research found that some of the domains were owned by companies located in the same building in Limassol, Cyprus. The parent company in question is called Mountberg Limited.

Others were operating under the same eGaming license number issued by the government of Curacao, a small island in the Caribbean, with license number 1668/JAZ.

A Mountberg Limited spokesperson replied to ZDNet’s request for comment with the following statement.

“I would like to start by thanking Justin Paine not only for identifying the issue, but also for attempting to assist us in resolving it.”

“This event is one that should benefit both our company and the iGaming industry as a whole in the future. We work in a dynamic and ever changing technological environment that is progressing at a rapid rate.”

“Cyber Security is a vital element of every online company in this current technological paradigm and we pride ourselves as being at the forefront of technological developments.”

The good news to come from this data breach is that the payment card details indexed in the ElasticSearch server were partially redacted, so users’ full financial details were not exposed.

The bad news is that anyone who found the database would have known the names, home addresses and phone numbers of players who recently won large sums of money. This could be used to target users as part of scam or extortion schemes.

ZDNet reached out with emails to all online portals whose data Paine identified in the leaky server.

“It’s down finally. Unclear if the customer took it down or if OVH firewalled it off for them,” Paine told ZDNet after he reached out to the cloud provider last week.

Data breaches are common in online gambling

Betting companies being embroiled in data breaches is nothing new, with UK giant Paddy Power admitting hackers stole personal details from more than 600,000 customers in a cyber attack in 2010.

The data hacked by a man in Canada included the name, username, postal address, email address, phone number, date of birth, and security questions and answers of customers. The company denied that credit or debit card details were compromised, according to The Telegraph.

Gibraltar-based BetVictor left a password list for its internal systems on its website for anyone to find in 2018.

The two-page document contained links to back office systems, including usernames and passwords.

Many of the systems were accessible externally, though none of the credentials were tested, to avoid breaking computer hacking laws, ZDNet said.

