Online casino data leak exposes 108 million bets, personal data

A massive data leak from an ElasticSearch server has exposed information on over 108 million bets, as well as personal information, deposits and withdrawals. The server was not configured with any password or authentication required to protect the data.

According to a ZDNet report, Security researcher Justin Paine discovered the data leak linked to an unsecured ElasticSearch server.

ElasticSearch is a distributed, portable search and analytics engine designed to process large amounts of data used to improve search and index capabilities. ElasticSearch usually runs on internal servers and can process company’s sensitive information.

The ElasticSearch instance hosted and aggregated a large amount of data from multiple web domains likely linked to a larger company running multiple online betting portals or affiliate scheme, ZDNet reports.

A few of the domains discovered in the data leak included kahunacasino.com, azur-casino.com, easybet.com and viproomcasino.net.

The leaked data included names, email addresses, home addresses, phone numbers, birth dates, sensitive gaming login and financial information, among other sensitive information.