Security Newsletter
28 January 2019
Online casino group leaks information on 108 million bets, including user details
An online casino group has leaked information on over 108 million bets, including details about customers' personal information, deposits, and withdrawals, ZDNet has learned. The data leaked from an ElasticSearch server that was left exposed online without a password.
ElasticSearch is a portable, high-grade search engine that companies install to improve their web apps' data indexing and search capabilities. Such servers are usually installed on internal networks and are not meant to be left exposed online, as they usually handle a company's most sensitive information.
Despite being one server, the ElasticSearch instance handled a huge swathe of information that was aggregated from multiple web domains, most likely from some sort of affiliate scheme, or a larger company operating multiple betting portals. Some of the domains that Paine spotted in the leaky server are from Mountberg Limited, including kahunacasino.com, azur-casino.com, easybet.com, and viproomcasino.net, just to name a few.
The user data that leaked from this common ElasticSearch server included a lot of sensitive information, such as real names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, last login information, and a list of played games. Furthermore, Paine also found roughly 108 million records containing information on current bets, wins, deposits, and withdrawals. Data on deposits and withdrawals also included payment card details.
All of these exposed databases were found by independent researchers using tools anyone, including cybercriminals, can access. That is the important point – the problem of exposed Elasticsearch data is out of the bag and people are now looking for it.
Read More on ZDNet
Even More on NakedSecurity
 
Can you spot when you’re being phished?
Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Can you tell what's fake?
On Tuesday, Google’s Jigsaw unit published a quiz that tests users’ abilities to identify phishing emails. The quiz tests you on a series of emails to see if you can distinguish telltale signs of phishing.
“Phishing is, by far, the most common form of cyberattack,” Jigsaw explains in a blog post. “One percent of emails sent today are phishing attempts.” According to the post, the quiz is based on trainings Jigsaw held with “10,000 journalists, activists, and political leaders.”
In total, there are eight examples that Google tests you on, some representing legitimate emails and others phishing scams. Many of the examples are actually based on real events, such as the massive phishing attempt that hit Google Docs users in 2017 or an email that Russian hackers sent to Hillary Clinton’s campaign manager in 2016.
Take the Quiz!
Read More on TheVerge
 
This content was created by Kindred Group Security. Please share if you enjoyed!
Kindred Group in brief
Kindred is one of the largest online gambling companies in the world with over 24 million customers across 100 markets. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offering our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and an innovation-driven company that builds on trust.
You can access the previous newsletters at https://news.infosecgur.us