ElasticSearch is actually a portable, high-grade search engine which organizations install to improve their web programs’ data indexing and search capacities. Such servers are usually installed on internal networks and aren’t intended to be left exposed online, since they often handle that a organization’s most sensitive information.
casino world , Paine discovered one particular ElasticSearch case that’d been left unsecured on the web free of authentication to secure its sensitive articles. From a first look, it had been evident to Paine that the server contained data via an on the web gambling portalsite.
Despite being a server, the ElasticSearch instance managed a huge swathe of details which has been aggregated from multiple web domains, most likely from some sort of affiliate system, or perhaps a larger company operating multiple gaming portals.
After an analysis of the URLs spotted from the host’s data, Paine and ZDNet concluded that most domains were running online casinos at which players may put bets on classic slot and cards games, but also other nonstandard gaming matches.
A few of the domains that Paine seen from the leaky server comprised kahunacasino.com, azur-casino.
After some digging around, some of the domain names were possessed by exactly the same business, but the others were possessed by organizations located in the exact same building with an address in Limassol, Cypruswere operating under exactly the exact same e-gaming license number issued by the federal government of Curacao –a small island at the Caribbean — indicating that they were most likely operated with precisely the exact same entity.
An individual data which leaked out of this shared ElasticSearch server included a lot of sensitive data, such as real names, home addresses, phone numbers, email addresses, birth dates, site user names, account balances, IP addresses, browser and OS information, last login information, and a set of played games.