Connect with us

Hi, what are you looking for?

Cyber Security

Online gaming platform VIP Games exposes 23 million data records on misconfigured server

More than 23 million records were left exposed on a misconfigured server by free gaming platform VIPGames.com.

Researchers from WizCase found the personal data of 66,000 users – equating to 23 million datasets – exposed on an Elasticsearch server, a blog post reads.

“Our cybersecurity team found that confidential data on VIPGames.com was accessible to the public and could be viewed by anyone with the URL of the ElasticSearch server, left open without any password protection or encryption,” researcher Chase Williams wrote.

Compromised information includes usernames, email addresses, device details, IP addresses, hashed passwords, and more.

Game over

VIP Games, owned by software development company Casualino JSC, offers free online versions of classic board and card games such as Ludo, Rummy, and Dominoes.

According to WizCase, it attracts more than 20,000 daily active players on its desktop site, while its mobile app has more than 100,000 downloads from the Google Play Store alone.

Researchers found more than 30GB of sensitive data records, some of which included details on in-game transactions.

WizCase warned that the implications of the breach could be costly for victims if the exposed data is viewed by nefarious actors.

“If such data had fallen into the hands of cybercriminals, it could have been exploited for identity theft, fraud, phishing, scamming, espionage and malware infestation,” wrote the researchers in a blog post.

The Daily Swig has reached out to VIP Games.com for comment.

Source: https://portswigger.net/daily-swig/online-gaming-platform-vip-games-exposes-23-million-data-records-on-misconfigured-server

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Cyber Security

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO