Sensitive details about players of casinos owned by Cyprus-based Mountberg Ltd. were left unprotected, security researcher finds
A Curaçao-licensed online casino operator has accidentally leaked sensitive player information, ZDNet reported on Monday, citing security researcher Justin Paine, who discovered the leak.
The data leaked from an ElasticSearch server that was exposed online without password protection. The exposed information included players’ personal details as well as information about deposits and withdrawals related to more than 108 million bets made on websites owned by the online casino group.
Mr. Paine told ZDNet that he discovered the unprotected server last week. He explained that the server required no authentication to protect the sensitive information it contained. It was clear to the security researcher that the server featured information about online gambling operations.
ElasticSearch is a search engine that companies use to improve data indexing and search capabilities. ElasticSearch servers are installed on internal networks, and it is quite unusual for one to be left unsecured online, as they include a client’s most sensitive data.
After additional research, Mr. Paine was able to confirm that all domains on the exposed server were running online casino and betting operations. The information leaked included the real names of gamblers, their home and email addresses, phone numbers, birth dates, account balances, IP addresses, etc.
Mr. Paine discovered around 108 million records of bets, wins, deposits and withdrawals. Deposit and withdrawal data included details about the players’ registered payment cards. However, Mr. Paine pointed out that payment card details were partially redacted and did not expose gamblers’ full financial details.
Casinos in the Leaky Server
Digging further into the incident, Mr. Paine discovered that the leaky server contained information about people gambling at Kahuna Casino, EasyBet, and VIP Room Casino, among other online casinos.
Kahuna Casino and VIP Room Casino are both owned by Mountberg Limited, a company based in Cyprus and licensed in Curaçao. As for EasyBet, it operates under the same license as the former two, although another company is listed as its owner. Still, the information available about the above casinos shows that they are owned by the same entity.
Representatives for Mountberg have not commented on the issue, and it is unknown how long sensitive information about its players was left unprotected, how many players have been affected, and who else aside from Mr. Paine has been able to access the leaky server.
The unprotected server went offline yesterday, ZDNet reported. Mr. Paine confirmed that it was finally down, but said that it was not known whether the client took it down themselves or OVH firewalled it off.