This Curaçao-licensed casino operator accidentally leaked the confidential player data according to a report from the researcher, Justin Paine. The details of all individuals involved in the leak were sourced from the EasyBet site and Kahuna and VIP Room online casinos.
Data Leak Details
This information leaked out from an exposed ElasticSearch server which was not password protected. The data includes personal details of players, and information about deposits and withdrawals made on over 100mn bets placed on several casino websites owned by Mountberg.
The story was reported by the news outlet ZDNet on 21 January and will be of concern to any online gambler. Mr Paine confirmed that this ElasticSearch service did not require any authentication when attempts were made to access it. It’s difficult to understand how or why Mountberg could have neglected such an important and relatively simple security activity.
There are countless ElasticSearch servers operating on global business internal networks, as they can improve search capabilities and the indexation of data. However, it is very rare for any business to allow servers of this nature to be left online in an unsecured state.
Mr Paine accessed the information contained on the exposed server and was able to discover that it was used for running online betting and casino operations. Some of the information accessed included the names and addresses of players, their email addresses, phone numbers, dates of birth and account balances.
Around 108mn records listing bets, deposits, withdrawals and wins, as well as partial payment card details were also on the server.
The Kahuna Casino and the VIP Room Casino are owned and operated by Mountberg Ltd which is based in Cyprus and operates a gambling licence issued in Curaçao. Another company is listed as the owner of EasyBet, however, it is operated under the same licence as the two online casinos.
It is not known how long this unprotected information was available for online access and Mountberg have not made any comments on the issue. The server was taken offline on 20 January.
Security should be of primary concern to new casino customers, and CasinoBonuses.com includes brand security information in our detailed reviews.