100 million online bets exposed by leaky database
Yet another organisation has been spotted copying important data to Elasticsearch cloud storage without remembering to secure it.
Last week, it was US company VOIPo that accidentally exposed call logs, SMS data, and company credentials in Elasticsearch where it was spotted by researcher Justin Paine.
This week, Paine has returned to tell ZDNet of a second cache of Elasticsearch data he found only days ago that appears to have been connected to online betting sites.
Sensitive data such as:
Real names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, last login information, and a list of played games.
In addition, Paine found 108 million records connected to online bets, deposits, wins and withdrawals, complete with partially redacted payment card data.
According to ZDNet, the betting domains included kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, connected to companies registered in Cyprus and the Caribbean.