Security researcher Justine Paine discovered a data leak this week from an ElasticSearch server. The leak involved over 108 million bets and user data from an online casino group. Paine discovered the leak after finding the server which had been exposed online without a password.
Some of the domains that Paine spotted in the leaky server included kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, just to name a few.
Companies use ElasticSearch servers to improve web apps and search capabilities. These servers should be kept secure and remain offline because they often contain companies most sensitive data. This data is usually centred around customer transactions and other personal data from users.
Analyzing the URLs
Paine analyzed the URLs found on the server and concluded that all of them were from a large company or affiliate scheme. These URLs were used to operate multiple online casino betting portals.
This one server was holding a huge amount of data. All of the domains were running online casinos where bets were placed along with other games.
Domains Linked to One Location
Not all of the domains found were owned by the same company. However, they were all registered to the same building at an address in Limassol, Cyprus. All of the companies are also using the same eGaming licence issued by the same government in the Carribean. This suggests that they are all owned by the same umbrella company.
User data contained in the server included home addresses, names, email addresses, and account balances. Paine also found that around 108 million records were exposed relating to wins, deposits, and withdrawals. This withdrawal data also included payment card details.
Not all financial details have been leaked. However, it has exposed personal details of people who won large sums of money.
The server is now offline, the company has not responded to any reports.