Online Casino Group Leaks User Information


Staff member
Mar 3, 2018
Last year, an exposed ElasticSearch server reportedly leaked data on nearly 57 Million U.S. citizens. ElasticSearch servers aren't supposed to be exposed to the web, especially if they don't have a password, and the security researcher warned that exposed servers like that are a significant issue. This week, he was proven right again, as ZDNet reports that online casino group leaked information on over 108 million bets though an exposed, unprotected ElasticSearch server. Fortunately even though the server contained some financial information, payment card details were all partially redacted. None of the companies involved in the leak have responded to ZDNet yet, and it's unclear how, or if, any of them intend to respond.

Some of the domains that Paine spotted in the leaky server included,,, and, just to name a few.After some digging around, some of the domains were owned by the same company, but others were owned by companies located in the same building at an address in Limassol, Cyprus, or were operating under the same eGaming license number issued by the government of Curacao --a small island in the Carribean-- suggesting that they were most likely operated by the same entity. The user data that leaked from this common ElasticSearch server included a lot of sensitive information, such as real names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, last login information, and a list of played games.
Going cheap now can usually be way more expensive in the long run.

"Should we hire an expert to setup our infrastructure?"

"No, just have the tech support guy figure it out."

I think a lot of these breaches are just companies being cheap and finally getting bit in the ass in a public way (one which they can't cover up).