Posted date: February 10, 2024, 05:51.
Last updated: February 10, 2024 07:22h.
A Nevada-based technology startup that developed an app for the WinStar World Casino and Resort in Thackerville, Oklahoma, was “leaking customers’ personal information onto the open web,” according to reports. tech crunch report.
A company called Dexiga built the MyWinStar app that allows users to track the rewards points, promotions, and offers they earn, as well as pay for games and WinStar amenities during their stay.
However, according to the technology news portal, Dexiga had failed to password protect one of its log databases. This meant that anyone who knew Dexiga’s public IP address could access her WinStar customers’ personal information on the leaked database.
This includes your name, phone number, email address, home address, your gender, and the IP address of your device. None of the data was encrypted, but some sensitive information such as date of birth was redacted with asterisks. tech crunch.
The database was secured as follows: tech crunch I contacted Dexiga to raise a red flag.
“The world’s largest casino”
WinStar, owned by the Chickasaw Nation, claims the world’s largest casino by square foot. Located near the Texas border, it welcomes many tourists each year. It is not clear how many customers’ personal information was exposed due to the security lapse, or whether this information was accessed by malicious parties before it was discovered.
The error was first noticed by Anurag Sen, a sincere security researcher with a track record of discovering leaked data.he contacted tech crunch In response to his concerns, the tech portal was able to link its database to Dexiga.
In an email communication with TechCrunch, Dexiga founder Rajini Jayaseelan claimed that the database contained “publicly available information” and claimed that his company had leaked sensitive data. He denied what he had done.
Jayaseelan added that the incident occurred during a log migration performed last month. He declined to say whether Dexiga can determine whether someone accessed the database while it was publicly available.
Focus on casino security
The methods casinos use to protect sensitive customer data and fend off hackers have come into focus in recent years after numerous security beaches.
In September, the so-called “Scattered Spider” hacker group orchestrated devastating ransomware attacks against MGM Resorts and Caesars Entertainment.
After MGM refused to pay the ransom, its operations were disrupted for several days, causing an estimated $100 million in damages. Caesars paid the hackers about $15 million to restore normal service, according to the company. Wall Street Journal.
Casinos are attractive targets for cybercriminals due to the sheer amount of data they accumulate through loyalty programs and the high use of credit cards for hotel reservations.
WinStar World did not respond to a request for comment from. casino.org At the time of publication.