Data Leak on Online Gambling App puts Millions of Users at Risk of Cyber Attacks
A massive data leak discovered on the technical database of popular casino gambling app Clubillion exposed daily activities and personally identifiable information of millions of users, according to vpnMentor researchers.
Housed on a misconfigured Elasticsearch engine, the unprotected database recorded up to 200 million records per day (50GB), including details of technical activity of Android and iOS users around the globe.
According to the investigators’ report, “every time an individual player took any action on the app, a record was logged.” These actions include:
• Entering a game
• Game status (win or lose)
• Creating or updating an account
Various forms of personally identifiable information (PII) were also up for grabs, including IP and email addresses, winnings and private messages.
The data leak impacted users from nearly every continent, and some countries revealed higher user activity. For example, average daily users exceeded 10,000 for the U.S., 7,700 for Canada, 6,200 for Australia, and 3,800 for Brazil.
The breach was discovered on March 19, and public access was closed off on April 5, after researchers contacted Amazon Web Services.
Researchers emphasized that “free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals” that go after the private information of users or embed malicious software to access users’ devices.
“If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device,” researchers said. “Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.”
With the leaked information, an attacker could target users with phishing campaigns that could lead to further data and financial exposure.
The developers also risk losing millions of players, and since many Clubillion users reside within the EU, Europe’s privacy watchdog could issue a hefty fine to the app’s publishers.
Researchers also speculate a grim outcome for the app. “Clubillion could potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.”