Leak at the casino gaming portal
Image: Casino Kahuna, Composition: ZDNet

ZDNet has learned that a group of online casinos leaked information on more than 108 million wagers, including details about customers' personal information, deposits and withdrawals.

The data leaked from an ElasticSearch server that had been left exposed online without a password, Justin Paine, the security researcher who discovered the server, told ZDNet.

ElasticSearch is a high-quality, portable search engine that businesses install to improve the search and indexing capabilities of their web applications. Such servers are usually installed on internal networks and should not be exposed online because they usually handle the most sensitive information of a company.
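A configuration audit for the exposure described above, as an added example that is not from the original article or from Elastic. It assumes the flat `key: value` form of `elasticsearch.yml` and treats a missing `xpack.security.enabled` as disabled (the default before Elasticsearch 8.0); the function names and both sample configurations are constructed for illustration.

```python
import ipaddress

# Constructed sample configurations (not taken from the incident).
WEAK = "network.host: 0.0.0.0\nhttp.port: 9200\n"
HARDENED = "network.host: 127.0.0.1\nxpack.security.enabled: true\n"

def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' subset of elasticsearch.yml."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)          # first colon only, so '::1' survives
        settings[key.strip()] = value.strip().strip("'\"")
    return settings

def http_hosts(settings):
    # http.host overrides network.host for the REST listener; with neither
    # set, Elasticsearch binds to loopback (_local_).
    value = settings.get("http.host", settings.get("network.host", "_local_"))
    return [h.strip().strip("'\"") for h in value.strip("[]").split(",") if h.strip()]

def is_loopback(host):
    if host in ("_local_", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostname, _site_, _global_, interface name: assume reachable

def audit(text):
    """Return findings for an elasticsearch.yml given as a string."""
    settings = parse_flat_yaml(text)
    exposed = [h for h in http_hosts(settings) if not is_loopback(h)]
    auth_on = settings.get("xpack.security.enabled", "false").lower() == "true"
    if exposed and not auth_on:
        return ["CRITICAL: REST API bound to %s with authentication off" % ", ".join(exposed)]
    if exposed:
        return ["INFO: bound to %s; confirm firewall rules and TLS" % ", ".join(exposed)]
    if not auth_on:
        return ["WARN: loopback only, but authentication is off"]
    return []

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```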

Last week, Paine came across an ElasticSearch instance of this type that was left unsecured online without authentication to protect its sensitive content. At first glance, it was clear to Paine that the server contained data from an online betting portal.

Although it was a single server, the ElasticSearch instance handled a large amount of information aggregated from multiple web domains, most likely from some sort of affiliate system, or from a larger company operating several betting portals.

After analyzing the URLs identified in the server data, Paine and ZDNet concluded that all the domains were running online casinos where users could place wagers on classic card and slot machine games, but also on other non-standard betting games.

Among the domains spotted by Paine on the leaking server are kahunacasino.com, azur-casino.com, easybet.com and viproomcasino.net, to name a few.

After some research, it emerged that some domains belonged to the same company, while others belonged to companies located in the same building, at an address in Limassol, Cyprus, or operated under the same online gambling license number issued by the Government of Curacao (a small island in the Caribbean), suggesting that they were probably operated by the same entity.

The user data leaked from this common ElasticSearch server contained a lot of sensitive information, such as real names, personal addresses, phone numbers, email addresses, birth dates, site user names, account balances, IP addresses, browser and operating system details, last connection information, and a list of games played.

A very small portion of the user data that was leaked by the server

In addition, Paine found about 108 million records containing information on bets, wins, deposits and withdrawals in progress. The deposit and withdrawal data also included credit card details.

A very small portion of the transaction data that was leaked by the server

The good news is that the payment card details indexed on the ElasticSearch server were partially redacted, so they did not expose users' complete financial details.

The bad news is that anyone who found the database would have learned the names, personal addresses and phone numbers of players who had recently won large sums of money, and could have used this information to target those users with scams or extortion.

ZDNet sent e-mails to all the online portals whose data Paine identified on the leaky server. At the time of writing, none of the support teams we contacted last week have responded. Today, the leaking server has been taken offline and is no longer accessible.

"It's finally the case, we do not know if the client has removed it or if an OVH firewall is protecting it for him," Paine told ZDNet, after also contacting the cloud service provider last week.

Because none of the aforementioned sites responded to our request for comment, nor did their parent company, it is difficult to know how long the server was exposed online, exactly how many users were impacted, whether someone other than a security researcher accessed the leaking server, and whether customers are being warned that their personal data was left exposed on the Internet in plain view.