Led by Noam Rotem and Ran Locar,vpnMentorsresearch team discovereda data breach on casino gambling app Clubillion.
Aside from leaking activity on the app, the breached databasealso exposed private user information.
With this information publicly available,Clubillions users were vulnerable to fraud and various online attackswith potentially devastating results.
Both versions of Clubillion were released in 2019 and became instant hits.
But rare are these times.
Most often, we need days of investigation before we understand whats at stake or whos leaking the data.
Some affected parties deny the facts, disregarding our research, or playing down its impact.
So, we need to be thorough andmake sure everything we find is correct and accurate.
It was closed a few days later.
Every time an individual player took any action on the app, a record was logged.
In total, this amounted to over50GB of exposed records in the database every single day.
They could even access a users phone contacts andsteal the PII data of their friends and family.
Clubillion stands to gain many new users, along with regular users playing more frequently.
Clubillion is not unique, and players have plenty of other choices for free gambling apps.
With fewer players, Clubillion will lose advertising revenue and reduced profits.
To learn about data vulnerabilities in general,read ourcomplete guide to online privacy.
Each detected weak point is then thoroughly inspected for any signs of data leakage.
Our team was able to access this database because it was completely unsecured and unencrypted.
As ethical hackers,were obliged to inform a company when we discover flaws in their online security.
The purpose of this web mapping project is to helpmake the internet safer for all users.
We then verify and report any submission deemed a legitimate threat to the publics safety.
We never sell, store, or expose any informationwe encounter during our security research.
This includes any information reported to us via The Leak Box.
Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.
[Publication date: 07.07.2019]
like, comment on how to improve this article.
