‘World’s biggest casino’ app exposed customers’ personal data
Reading Time: 2 minutesThe startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers’ private information to the open web.
Oklahoma-based WinStar bills itself as the ‘world’s biggest casino’ by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings.
The app is developed by a Nevada software startup called Dexiga.
The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser.
Anurag Sen, a good-faith security researcher who has a knack for discovering inadvertently exposed sensitive data on the internet, found the database containing personal information, but it was initially unclear who the database belonged to.
None of the data was encrypted, though some sensitive data — such as a person’s date of birth — was redacted and replaced with asterisks.
Dexiga’s website says its tech platform powers the My WinStar app.
In an email, Jayaseelan said Dexiga secured the database but claimed the database contained ‘publicly available information’ and that no sensitive data was exposed.
Dexiga said the incident resulted from a log migration in January. Dexiga did not provide a specific date when the database became exposed. The exposed database contained rolling daily logs dating back to January 26 at the time it was secured.
Jayaseelan would not say if Dexiga has the technical means, such as access logs, to determine if anyone else accessed the database while it was exposed to the internet. Jayaseelan also would not say if Dexiga has notified WinStar of the security lapse, or if Dexiga would inform affected customers that their information was exposed. It is not immediately known how many individuals had personal data exposed by the data spill.
‘We are further investigating the incident, continue to monitor our IT systems, and will take necessary future actions accordingly,’ Dexiga said in response.
- Researchers say attackers are mass-exploiting new Ivanti VPN flaw
- Security flaw in a popular smart helmet allowed silent location tracking
- Government hackers targeted iPhone owners with zero-days, Google says
- HopSkipDrive says personal data of 155,000 drivers stolen in data breach
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG