‘World’s biggest casino’ app exposed customers’ personal data | TechCrunch

‘World’s biggest casino’ app exposed customers’ personal data | TechCrunch

The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers’ private information to the open web.

Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings.

The app is developed by a Nevada software startup called Dexiga.

The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser.

Dexiga took the database offline after TechCrunch alerted the company to the security lapse.

Screenshots of the My WinStar app. Image Credits: Google Play (screenshot)

Anurag Sen, a good-faith security researcher who has a knack for discovering inadvertently exposed sensitive data on the internet, found the database containing personal information, but it was initially unclear who the database belonged to.

Sen said the personal data included full names, phone numbers, email addresses and home addresses. Sen shared details of the exposed database with TechCrunch to help identify its owner and disclose the security lapse.

TechCrunch examined some of the exposed data and verified Sen’s findings. The database also contained an individual’s gender and the IP address of the user’s device, TechCrunch found.

None of the data was encrypted, though some sensitive data — such as a person’s date of birth — was redacted and replaced with asterisks.

A review of the exposed data by TechCrunch found an internal user account and password associated with Dexiga founder Rajini Jayaseelan.

Dexiga’s website says its tech platform powers the My WinStar app.

To confirm the source of the suspected spill, TechCrunch downloaded and installed the My WinStar app on an Android device and signed up using a phone number controlled by TechCrunch. That phone number instantly appeared in the exposed database, confirming that the database was linked to the My WinStar app.

TechCrunch contacted Jayaseelan and shared the IP address of the exposed database. The database became inaccessible a short time after.

In an email, Jayaseelan said Dexiga secured the database but claimed the database contained “publicly available information” and that no sensitive data was exposed.

Dexiga said the incident resulted from a log migration in January. Dexiga did not provide a specific date when the database became exposed. The exposed database contained rolling daily logs dating back to January 26 at the time it was secured.

Jayaseelan might not say if Dexiga has the technical means, such as access logs, to determine if anyone else accessed the database while it was exposed to the internet. Jayaseelan also might not say if Dexiga has notified WinStar of the security lapse, or if Dexiga might inform affected customers that their information was exposed. It is not immediately known how several individuals had personal data exposed by the data spill.

“We are further investigating the incident, continue to monitor our IT systems, and will take necessary future actions accordingly,” Dexiga said in response.

WinStar’s general manager Jack Parkinson did not respond to TechCrunch’s emails requesting comment.

Read more on TechCrunch:

Disasters Expo USA, is proud to be supported by Inergency for their next upcoming edition on March 6th & 7th 2024!

The leading event mitigating the world’s most costly disasters is returning to the Miami Beach

Convention Center and we want you to join us at the industry’s central platform for emergency management professionals.
Disasters Expo USA is proud to provide a central platform for the industry to connect and
engage with the industry’s leading professionals to better prepare, protect, prevent, respond
and recover from the disasters of today.
Hosting a dedicated platform for the convergence of disaster risk reduction, the keynote line up for Disasters Expo USA 2024 will provide an insight into successful case studies and
programs to accurately prepare for disasters. Featuring sessions from the likes of The Federal Emergency Management Agency,
NASA, The National Aeronautics and Space Administration, NOAA, The National Oceanic and Atmospheric Administration, TSA and several more this event is certainly providing you with the knowledge
required to prepare, respond and recover to disasters.
With over 50 hours worth of unmissable content, exciting new features such as their Disaster
Resilience Roundtable, Emergency Response Live, an Immersive Hurricane Simulation and
much more over just two days, you are guaranteed to gain an all-encompassing insight into
the industry to tackle the challenges of disasters.
By uniting global disaster risk management experts, well experienced emergency
responders and the leading innovators from the world, the event is the hub of the solutions
that provide attendees with tools that they can use to protect the communities and mitigate
the damage from disasters.
Tickets for the event are $119, but we have been given the promo code: HUGI100 that will
enable you to attend the event for FREE!

So don’t miss out and register today: https://shorturl.at/aikrW

And in case you missed it, here is our ultimate road trip playlist is the perfect mix of podcasts, and hidden gems that will keep you energized for the entire journey


This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More