Unprotected ElasticSearch Server Leaks 108 Million Bets

The iGaming industry is being shook to the core this January 2019, with several prominent betting operators, presumably part of one and the same affiliate group, found amidst a controversy of great proportions. Namely, it has been discovered that an ElasticSearch Server, an advanced data support, hosting and distribution engine, has been leaking information on as many as 180 million bets, along with other highly confidential customer data.

According to Justin Paine, director of Trust & Safety @Cloudflare and security researcher, who first came across the anomaly…

…the ElasticSearch engine was left exposed online, unprotected by a password or any other authorization protocol. Whether inadvertently or not, this oversight left dozens of gigabytes of sensitive information in plain view of internet users, and anyone who bothered to look into it.

ElasticSearch Server Leaking Confidential Data

After a thorough investigation, the researcher concluded that the unguarded engine has been implemented by an aggregate online gambling group with several casino and sports betting portals operating under its wing: viproomcasino.net, kahunacasino.com, easybet.com and several other brands.

The majority of the abovementioned websites are owned and managed by Mountberg Limited, based at Limassol Avenue, Nicosia, Cyprus, under a license issued by the Curacao eGaming and regulated by the government of the Caribbean island. The rest of the brands, however, are the property of a wholly different group, such as TGI Entertainment NV, also situated in Cyprus.

Such a high number of platforms operating on the same malfunctioning management server implies an enormous amount of sensitive information has been exposed to the public – not only with regards to the circulating volume and number of placed bets, but also with regards to a host of private info on the patrons of these gaming sites.

Customers have been left vulnerable to fraud attempts, identity and financial thefts, as well as personal attacks due to their real names, home, IP and e-mail addresses, phone numbers being publicly available on the internet.

Not only this…

…but their betting history, account balance, log in details such as usernames and passwords, down to the games they’ve played up until the server has been left unprotected, can now be easily accessed by just about any tech-savvy individual with a means to access the database.

Aftermath

At the moment, the length of time the engine has been left exposed is unknown, and the scope of damage this oversight might have caused is left to speculation.

The affected portals were contacted immediately after the researcher made his findings public. Damage control and the first line of defense against the harmful consequences of the leak, came in the form of closed servers.

The ElasticSearch was shut down and remains inaccessible to date. However…

…the official statement from the affiliate group came with a one-week delay.

On January 22st, Mountberg Limited reached out to all concerned parties with the following statement:

“I would like to start by thanking Justin Paine not only for identifying the issue, but also for attempting to assist us in resolving it. This discovery of his, enabled us to take prompt action to secure our clients information avoiding any potential data spread. We are also grateful that it was Justin to discover this through his extensive expertise, as opposed to any other parties with less integrity and potential malicious intentions. Through this we were able to act in time and avoid sensitive data to be exposed or leaked further.”

The spokesperson further expressed confidence that this unfortunate incident will surely serve to strengthen the company’s safety procedures, as well as provide a valuable lesson for other industry affiliates:

“This event is one that should benefit both our company and the iGaming industry as a whole in the future. We work in a dynamic and ever-changing technological environment that is progressing at a rapid rate. Cyber Security is a vital element of every online company in this current technological paradigm and we pride ourselves as being at the forefront of technological developments. The identification of this issue has allowed our company reassess the nature of our security protocols and procedures and we feel that, in the longer term having this occur will only strengthen our defences against such instances in the future. Furthermore, this should ensure that ourselves and other industry players can learn together and adapt our best practices and principles when it comes to situations with tangible risk. We see every identified, and unidentified, problem is an opportunity to grow.”

Source:

“Online casino group leaks information on 108 million bets, including user details”, Catalin Cimpanu, zdnet.com, January 30, 2019.