An online casino group has leaked information on over 108 million bets, including customers' personal information and user activity.
Security researcher Justin Paine discovered the data leaking from an ElasticSearch server that had no authentication controls in place to protect it, leaving it exposed online. From an initial look, Paine identified that the server contained data from an online betting portal.
ElasticSearch is “a search and analytics engine capable of solving a growing number of use cases. As the heart of the Elastic Stack, it centrally stores your data so you can discover the expected and uncover the unexpected.”
Essentially, it improves the data-handling capabilities of a company's web applications. Because of the sensitive data handled by ElasticSearch, servers are typically installed on an internal network, with no exposure to externally facing servers that may be publicly accessible.
Although the data was hosted on an individual server, the information that had been collated was an amalgamation from multiple web domains – which suggests it was from a large company which operated multiple betting portals.
ZDNet and Paine analysed the domains discovered in the server's data, concluding that all of them were running online casinos. Some domains were owned by the same company, and some were operating in different countries.
It is confirmed that the data leaked from the ElasticSearch server contained personal information such as names, addresses, phone numbers, email addresses, usernames, account balances, IP addresses, OS and browser details, login activity and recently played games.
That is a substantial amount of information that could be used maliciously if the wrong individuals were to get hold of it.
ZDNet and Paine also discovered that the payment card details held on the ElasticSearch server were partially redacted; full financial details were therefore NOT exposed.
The below image is an example of how the information is shown:
The bad news is that anyone who found the database would have had access to most of the information on users who have won large sums of money through the betting portal, which may leave those users susceptible to targeted phishing campaigns based on their recent activity. It is important that users are capable of identifying phishing emails.
The server that leaked the data has now been taken down and can no longer be accessed.