Home WinStar Casino’s Mobile App Accidentally Exposed Customer Data
News

WinStar Casino’s Mobile App Accidentally Exposed Customer Data

Krishi Chowdhary Journalist Author expertise
Disclosure
Disclosure
In our content, we occasionally include affiliate links. Should you click on these links, we may earn a commission, though this incurs no additional cost to you. Your use of this website signifies your acceptance of our terms and conditions as well as our privacy policy.

WinStar Casino’s Mobile App Accidentally Exposed Customer Data

Popular casino app My WinStar—self-titled as the “world’s biggest casino”—was recently struck by a security lapse that led to the exposure of a database that contained their customers’ personal details. As of now, it’s unclear how many user’s details have been compromised.

The app belongs to an Oklahoma-based casino and resort called WinStar and is developed by a Nevada-based tech company called Dexiga. The app is used by the guests of the resort during their stay to access self-service options such as accessing their loyalty benefits, reward points, and casino winnings.

The leak was discovered by Anurag Sen, a security researcher with a knack for discovering accidental leaks and exposed sensitive data.

Further investigation revealed that the leaked database contained a lot of personal details such as the customer’s name, contact details, gender, home address, and even IP address.

The extent of damage is still unknown but it was found that some of the user’s date of birth were edited and replaced with asterisks. The rest of the information was not encrypted which shows that the leak might have happened recently.

How Did The Leak Happen?

Investigations so far have linked the initial source of the leak to Dexiga. It accidentally left one of its logging databases online without a password. So anyone who knew the database’s IP address could access WinStar’s customer files using just their browser; no fancy tools needed.

An internal user account and password that belongs to Dexiga founder Rajini Jayaseelan were also found in the exposed data, confirming the connection.

Luckily, the company was swift in taking action. As soon as they were notified about the exposure, the database was taken offline.

We are further investigating the incident, continue to monitor our IT systems, and will take necessary future actions accordingly.Dexiga

In an email statement, Jayaseelan said that they have secured the database now. But the exposure shouldn’t be a huge cause of concern as all the data in it was “publicly available information”. No confidential data was compromised.

Neither Jayaseelan nor Dexiga confirmed the exact date when the database was exposed so it’s hard to tell how long the leak went undetected. But we do know for a fact that up until January 26, the database was secure.

Speaking of the timeline behind the leak, the casino said that it all likely started in late January post a long migration.

The company has remained mum on many important questions. For instance, when asked whether they have the necessary tools to determine whether anyone else accessed the database while it was exposed, they didn’t give a clear answer.

It’s also unclear whether Dexiga notified WinStar and its customers about the leak. WinStar’s general manager, Jack Parkinson, was unavailable for comment.

This news comes at the heels of Chainalysis’s report stating that cyberattack extortions reached an all-time high at $1.1 billion last year. This goes on to show that the industry desperately needs better data management and security tools so that customer information isn’t so easily compromised.

Question & Answers (0)

Have a question? Our panel of experts will answer your queries. Post my Question

Leave a Comment

Write a Review

Your email address will not be published. Required fields are marked *

Krishi Chowdhary Journalist

Krishi Chowdhary Journalist

Krishi is an eager Tech Journalist and content writer for both B2B and B2C, with a focus on making the process of purchasing software easier for businesses and enhancing their online presence and SEO. Krishi has a special skill set in writing about technology news, creating educational content on customer relationship management (CRM) software, and recommending project management tools that can help small businesses increase their revenue. Alongside his writing and blogging work, Krishi's other hobbies include studying the financial markets and cricket.

Latest News

Neuralink’s Human Tester Can Control A Mouse With Thoughts
News

Neuralink’s First Human Tester Can Control A Computer Mouse With Thoughts

Super Bowl LVII stadium
Statistics

Super Bowl Cities: Economic Impact and Tourism Statistics

The biggest sporting event of the year in the US is bound to have a significant economic impact. Over the last few years, Super Bowl cities have seen a lot...

Microsoft to invest $2.1 Billion in AI and Cloud Growth in Spain
News

Microsoft to Invest $2.1 Billion in AI and Cloud Growth in Spain

Microsoft has announced plans to invest $2.1 billion over the next two years to significantly scale up its artificial intelligence (AI) development and cloud computing capacities in Spain. The major...

Tinder Introduces Blue Checkmark For UK Citizens
News

Tinder Introduces Blue Ticks For UK Citizens To Combat Fake Profiles

Ripple XRP Price Surges Amidst Anticipation of SEC VS Ripple Lawsuit’s Development
Crypto News

Ripple XRP Price Surges Amidst Anticipation of SEC VS Ripple Lawsuit’s Development

Top Crypto Gainers on 20 February – AR, FIL, and KAS
Crypto News

Top Crypto Gainers on 20 February – AR, FIL, and KAS

Cool Cleaning Industry Statistics
Statistics

30 Interesting Cleaning Industry Statistics for 2024