The Biggest Online Casino Data Breaches - Updated

The online world is an amazing universe that guarantees instant connectivity and instant access to whatever you want from the comfort of our home.

13:40 11 November 2019

Log in and get instant access to whatever you need – goods, movies and also online casino games. And therein lies the biggest threat – when you log in you provide personal data. And that data can be easily accessed by skilled hackers regardless of the level of security surrounding the repositories where they are stored.

Data breaching is the stuff of new age science fiction and also a nightmarish reality. If you are someone with evil intentions and the right skillsets, all you have to do is hack into systems that store data and manipulate or sell it to those who need it. There have been quite a few instances of major data breaches in recent times.

The following figures give you an idea of how real, how huge and how devastating data breaches can be:

• 10 billion: The number of records that have been breached since 2013.
  
  
• 50 million: The number of Facebook accounts compromised in 2018.
  
  
• 97%: The number of people who provide sensitive personal information for use on digitally transformative tech
  
  
• 93%: The number of social attack-based breaches that occur due to phishing and pretexting
• $3.86 million: The average cost of a data breach
  
  

A number of industries are high value targets for data breaches and one of them is the casino industry – online as well as offline. We take a look at some of the biggest data breaches in the online casino industry and also offline in recent times.

Curacao Online Gambling Data Leak

One of the biggest data breaches relating to the online casino industry was detected at the beginning of 2019. It was discovered by Justin Paine, a security researcher who found the data to be leaking off an ElasticSearch server which, somehow, had remained exposed and unprotected as there was no password to it. That is surprising given that servers like these are generally seen on internal networks and do not get left unprotected online.

Paine conducted an analysis of the URLs that were seen on the server and found an entire real money casino list there, including domains like EasyBet.com, Azur-Casino.com, VIPRoomCasino.net and KahunaCasino.com, among others. Most of these domains were owned by a single company and there were a few that were owned by other companies that had:

• Offices in the same building as the one that owned these brands
  
  
• The same gaming license number from the Government of Curacao
  
  

What was alarming was the sheer volume of data left exposed – there was information pertaining to a whopping 108 million wagers. The user data that was leaked due to the breach included:

• Real names of players
  
  
• Residential address details
  
  
• E-mail addresses
  
  
• Phone numbers
  
  
• Details about date of birth
  
  
• User names at the different sites
  
  
• Account balance information
  
  
• Browser details
  
  
• OS details
  
  
• IP address data
  
  
• List of games played
  
  
• Details about the players’ last log in
  
  

The 108 million records about the wagers that were exposed related to details of:

• Current wagers
  
  
• Deposits
  
  
• Wins
  
  
• Withdrawals
  
  
• Payment card information
  
  

Possible Data Breach for Players from Thailand

In August 2019, the Thailand government issued an alert to online gamblers from that country about the possible breach of personal information post playing at online casinos run by international operators. The number of persons whose data was likely to be breached stood at 3.3 million: the Thailand Computer Security Coordination Center (ThaiCERT), a state-owned agency, said these records were found in foreign databases that also hosted online gambling sites.

The total number of records ThaiCERT examined were 41 million, of which 3.3 million were found to be of Thai nationals. The alert issued by ThaiCERT asked people to be careful about receiving calls from and responding to people who had queries about their personal data through any media, be it social media, telephone or e-mail.

Data Breach Worries: Warning for 200 Million iOS and Android Gamers

Recently this year a cybercriminal going by the moniker Gnosticplayers claimed to have breached confidential data of more than 200 million users of Android and iOS devices who played Zynga games. The cybercriminal claims to have breached the data from the Words with Friends player database.