An unprotected ElasticSearch server of an online Casino group exposes 108 million records
- The server exposed almost 108 million records containing information such as bets, wins, deposits, withdrawals, including payment card details.
- The server also contained users’ personal information such as names, addresses, phone numbers, email addresses, dates of birth, usernames, account balances, and more.
An ElasticSearch server of an online casino group was left publicly available without a password, accessible to anyone. The leaky server contained users’ personal information such as names, addresses, phone numbers, email addresses, dates of birth, usernames, account balances, IP addresses, list of played games, last login information, browser information, and OS details.
The open ElasticSearch server was discovered by a security researcher named Justin Pane. Pane noted that the server contained data from an online betting portal and contained data aggregated from multiple web domains.
Details on the analysis
Pane and ZDNet together conducted analysis on the URLs spotted in the server’s data and found that all web domains were running online casinos. The URLs spotted in the open server’s data included kahunacasino.com, azur-casino.com, easybet.com, viproomcasino.net etc.
After more investigation, the researcher found that some of the domains were owned by the same company, while others were owned by companies residing in the same building, or were operating under the same eGaming license number. This confirmed that all the web domains were operated by the same entity.
Pane also uncovered that the leaky ElasticSearch server exposed almost 108 million records containing information such as bets, wins, deposits, withdrawals, including payment card details.
However, the payment card details were partially obscured and users’ full financial details were not exposed.
The leaky server taken offline
ZDNet contacted all the web domains whose data were identified by Pane in the ElasticSearch server, but none of them responded. However, on January 21, 2019, the leaky server was found to be taken offline and non-accessible to the public.
“It's down finally. Unclear if the customer took it down or if OVH firewalled it off for them,” Paine told ZDNet.
However, there are chances that anyone with malicious intent would have used the information from the leaky server such as names and contact details of the players who recently won large sums of money to target users as part of scams or extortion schemes.