2 min read

Data Leak on Online Gambling App puts Millions of Users at Risk of Cyber Attacks

Alina BÎZGĂ

July 09, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Data Leak on Online Gambling App puts Millions of Users at Risk of Cyber Attacks

A massive data leak discovered on the technical database of popular casino gambling app Cubillion exposed daily activities and personal identifiable information of millions of users, according to vpnMentor researchers.

Housed on a misconfigured Elasticsearch engine, the unprotected database recorded up to 200 million records per day (50GB), including details of technical activity of Android and iOS users around the globe.

According to the investigators” report, “every time an individual player took any action on the app, a record was logged.” These actions include:

• Entering a game
• Game status (win or lose)
• Creating or updating an account

Various forms of personal identifiable information (PII) were also up for grabs, including IP and email addresses, winnings and private messages.

The data leak impacted users from nearly every continent, and some countries revealed higher user activity. For example, average daily users exceeded 10,000 for the U.S., 7,700 for Canada, 6,200 for Australia, and 3,800 for Brazil.

Data breaches appear to be common events these days. Find out more about how you can regain control of your personal information with Bitdefender”s Digital Identity Protection.

The breach was discovered on March 19, and public access was closed off on April 5, after researchers contacted Amazon Web Services.

The Impact

Researchers emphasized that “free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals” that go after the private information of users or embed malicious software to access userss devices.

“If cybercriminals used Clubillion to embed malware or similar onto a user”s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device,” researchers said. “Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.”

With the leaked information, an attacker could target users with phishing campaigns that could lead to further data and financial exposure.

The developers also risk losing millions of players, and since many Clubillion users reside with the EU, Europe”s privacy watchdog could issue a hefty fine for app publishers.

Researchers also speculate a grim outcome for the app. “Clubillion could potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.”

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

DOJ Leaks Trove of California Gun Owners’ Personal Information Online DOJ Leaks Trove of California Gun Owners’ Personal Information Online
Alina BÎZGĂ

July 01, 2022

2 min read
Exposed Server at Malaysian POS Software Provider Leaks Data of 1 Million Customers Exposed Server at Malaysian POS Software Provider Leaks Data of 1 Million Customers
Alina BÎZGĂ

June 22, 2022

2 min read
Is someone abusing your credit card? Here’s what you can do to prevent credit card fraud Is someone abusing your credit card? Here’s what you can do to prevent credit card fraud
Alina BÎZGĂ

June 14, 2022

2 min read