Cyprus-based Mountberg Ltd has exposed the personal data of its casino players. According to security researcher Justin Paine, online casinos owned by the company left sensitive player information on an unprotected server, where anyone who found it could read it. Paine discovered the exposure and ZDNet reported it.
The data sat on an Elasticsearch server that was reachable from the internet with no password. It included players' personal and financial details: real names, home and email addresses, telephone numbers, dates of birth, IP addresses and account balances.
Information about deposits and withdrawals, covering more than 108 million bets and wins made via the casino websites, was also exposed. Details of players' registered payment cards were exposed too, although these were partially redacted rather than shown in full.
As Paine explained to ZDNet, the server required no authentication at all to read the sensitive information about online gambling operations that it stored.
Elasticsearch is a search and analytics engine that many companies use to index and query their data. It does not enforce authentication unless its security features are enabled, so it is meant to run on internal networks, behind a firewall, where it routinely holds sensitive customer data. An instance left reachable from the internet on its default port hands every index it holds to anyone who connects, which is why it is surprising that such a crucial component was left unsecured by the company.
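The following probe shows what "no authentication" means in practice for an Elasticsearch instance and how an operator can check their own hosts. It is an added example, not code from the original article or from Mountberg Ltd: it assumes the target answers the standard Elasticsearch REST API on port 9200, the host name in the usage block is a placeholder, and the sample response embedded below is constructed for illustration.

```python
"""Check whether an Elasticsearch endpoint allows anonymous read access.

Added example, not code from the original article or from the company it
describes. Assumes the standard Elasticsearch REST API on port 9200; the
sample response below is constructed, not captured from any real server.
"""
import json
import sys
import urllib.error
import urllib.request

ES_PORT = 9200          # default Elasticsearch HTTP port
TIMEOUT_SECONDS = 5


def classify_probe(status, body):
    """Classify one HTTP response from GET /_cat/indices?format=json.

    status: HTTP status code, or None if the connection failed.
    body:   decoded response body, or None.
    Returns "unreachable", "auth-required", "not-elasticsearch" or "open".
    """
    if status is None:
        return "unreachable"
    if status in (401, 403):
        # Security features are enabled: anonymous reads are refused.
        return "auth-required"
    if status != 200:
        return "not-elasticsearch"
    try:
        indices = json.loads(body)
    except (TypeError, ValueError):
        return "not-elasticsearch"
    # _cat/indices returns a JSON list; each entry carries an "index" name.
    if not isinstance(indices, list):
        return "not-elasticsearch"
    if not all(isinstance(i, dict) and "index" in i for i in indices):
        return "not-elasticsearch"
    return "open"


def summarize_exposure(body):
    """Return (index_count, total_docs) from an "open" _cat/indices body.

    docs.count is a string in the cat API and is absent for closed indices.
    """
    indices = json.loads(body)
    total_docs = sum(int(entry.get("docs.count") or 0) for entry in indices)
    return len(indices), total_docs


def probe(host, port=ES_PORT):
    """Query the cat-indices endpoint and classify the result."""
    url = "http://%s:%d/_cat/indices?format=json" % (host, port)
    try:
        with urllib.request.urlopen(url, timeout=TIMEOUT_SECONDS) as resp:
            return classify_probe(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:       # 4xx/5xx still tells us something
        return classify_probe(err.code, None)
    except (urllib.error.URLError, OSError):    # refused, timed out, DNS failure
        return classify_probe(None, None)


# Constructed sample of what an open cluster returns; the index names and
# counts are invented for this example.
SAMPLE_OPEN_RESPONSE = json.dumps([
    {"health": "yellow", "status": "open", "index": "players",
     "docs.count": "1200", "store.size": "3.1mb"},
    {"health": "yellow", "status": "open", "index": "transactions",
     "docs.count": "108000000", "store.size": "41gb"},
])

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "es.example.internal"  # placeholder host
    verdict = probe(target)
    print("%s:%d -> %s" % (target, ES_PORT, verdict))
    if verdict == "open":
        # Remediation: bind to an internal address (network.host), enable
        # xpack.security.enabled, and firewall 9200/9300 from the internet.
        print("anonymous read access allowed; restrict network access and enable authentication")
```

Run it against a host you own: a verdict of "open" means the cat API returned an index listing without credentials, which is exactly the condition described above; "auth-required" means security features are enabled; "unreachable" is what you want to see from the public internet.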
Further research by Paine confirmed that all the domains hosted on the exposed server related to online gambling and betting operations. The list includes Kahuna Casino, EasyBet, VIP Room Casino and many others. Kahuna Casino and VIP Room Casino are owned by Mountberg Ltd; EasyBet is owned by a different company but operates under the same licence.
It is not known for how long the player information was left unprotected, how many players are affected, or whether anyone other than Justin Paine accessed the server.
Mountberg Ltd has yet to comment on the issue, although the server has since gone offline. According to Paine, it is unclear whether the company took it down or whether its hosting provider, OVH, firewalled it instead.