WinStar Casino App Was ‘Spilling Customer Data’: TechCrunch

Posted on: February 10, 2024, 05:51h. 

Last updated on: February 10, 2024, 07:22h.

A Nevada-based tech startup that developed the app for the WinStar World Casino and Resort in Thackerville, Okla., was “spilling customers’ private information to the open web,” according to a TechCrunch report.

WinStar World, MyWinStar, data leak, Dexiga
The WinStar World claims to be the biggest casino in the world. But the company it hired to build its “MyWinStar” app left an even bigger hole in one of its customer databases, according to TechCrunch. (Image: NBC)

The company, Dexiga, built the MyWinStar app, which allows users to keep track of earned rewards points, promotions, and offers, as well as pay for gaming and WinStar amenities during their stay.

But Dexiga had failed to secure one of its logging databases with a password, according to the tech news portal. This meant anyone with knowledge of Dexiga’s public IP address had access to WinStar customers’ private information on the leaky database.

This included full names, phone numbers, email addresses, home addresses, the users’ gender, and the IP address of the users’ devices. None of the data was encrypted, although some sensitive information, such as dates of birth, were redacted with asterisks, according to TechCrunch.

The database has now been secured after TechCrunch contacted Dexiga to raise a red flag.

‘World’s Biggest Casino’

WinStar, owned by the Chickasaw Nation, claims to be the largest casino in the world by square footage. Based close to the Texas border, it welcomes a multitude of visitors every year. It is not clear how many customers’ personal information was exposed by the security lapse or whether this information was accessed by any bad actors prior to discovery.

The lapse was first noticed by Anurag Sen, a good-faith security researcher with a proven history of discovering exposed data. He contacted TechCrunch with his concerns, and the tech portal was able to link the database to Dexiga.

In email communication with TechCrunch, Dexiga founder Rajini Jayaseelan claimed that the database contained “publicly available information” and denied his company had exposed sensitive data.

Jayaseelan added that the incident had occurred during a log migration performed last month. He declined to say whether Dexiga is able to determine if anyone accessed the database while it was exposed.

Casino Security in Hard Focus  

The methods casinos use to protect sensitive customer data and repel hackers have come into hard focus in recent years after numerous security beaches.

In September, the so-called “Scattered Spider” hacking group orchestrated devastating ransomware attacks on MGM Resorts and Caesars Entertainment.

After refusing to pay the ransom, MGM experienced disruption to its operations that lasted for days and caused an estimated $100 million in damage. Caesars paid the hackers around $15 million to have normal services restored, according to The Wall Street Journal.

Casinos are attractive targets for cybercriminals because of the huge amount of data accrued through loyalty programs and the credit card-intensive nature of hotel booking.

WinStar World had failed to reply to a request for comment from at the time of publication.

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Do you run a company that want to build a new website and are looking for a web agency in Sweden that can do the job? At Partna you can get connected to experienced web agencies that are interested in helping you with your website development. Partna is an online service where you simply post your web development needs in order to get business offers from skilled web agencies in Sweden. Instead of reaching out to hundreds of agencies by yourself, let up to 5 web agencies come to you via Partna.
Back to top button