
An unsecured ElasticSearch database was discovered exposing the details of over 108 million bets at various online casinos. The leaked information contained numerous details, including bettors' names, addresses, partial credit card numbers, email addresses, and bet amounts.

Security researcher Justin Paine discovered the exposed and unsecured ElasticSearch database last Friday and told BleepingComputer at the time that he was not sure who owned the server, but had contacted the hosting provider so that it could be secured.

In discussions with Paine and through shared redacted samples of the data, the database appeared to contain the betting information for numerous online casinos such as azur-casino.com, easybet.com, stakes.com, viproomcasino.com, casinogym.com, crazyfortune.com, luckyluke.com, and kahunacasino.com.

These casinos host traditional games such as online slot machines, poker, blackjack, and roulette, as well as arcade-like games that allow players to earn money by playing.

The exposed data included bettors' personal information, the affiliates who referred them to the site, and their balances, deposits, withdrawals, and bets. A redacted example of a user's data can be seen below.

[Image: Redacted Data]

It is not known who managed the database, but many of the referenced casinos operate under a parent company called Mountberg Limited, based out of Cyprus. Each of these casinos was also operating under the same 1668/JAZ license number issued by the Curacao eGaming authority.

While payment details were redacted, the data contained highly personal information about millions of bettors. This information could have been used to scam individuals, perform identity theft, or try to gain access to users' accounts via social engineering.

To prevent this database from being used for malicious purposes, BleepingComputer decided not to publish this story until the database was secured.

Yesterday, Paine stated that the database was no longer publicly accessible, though it is not known if it was secured by the owner or the ISP.

"It’s finally down it looks like. Unclear if the customer took it down or if OVH firewalled it off for them," Paine told BleepingComputer via email.

BleepingComputer tried to contact the companies operating these sites over the weekend, but had not received a response at the time of this publication.
