The mobile app for the 'world's biggest casino' had some major security flaws
Date:
Mon, 12 Feb 2024 13:38:10 +0000
Description:
It was collecting people's data and sending it to an unsecured database that was later discovered.
FULL STORY ======================================================================
The mobile app for the world's biggest casino was sending customers' private data to a database that was sitting on the web without a password, available to anyone who knew where to look.
The My WinStar app was designed as a companion app for people visiting the WinStar casino and hotel resort in Oklahoma, US, known as the largest casino in the world by square footage.
Customers could use the app to access various self-service options while staying at the hotel, and to redeem rewards, loyalty benefits, and even casino winnings.

Publicly available information, or sensitive data?
The database was initially discovered by security researcher Anurag Sen, who also found an exposed email server hosted on Azure that belonged to the US Government in February 2023, as well as an exposed Amazon Prime database in October 2022. In all of those cases, as in this one, Sen did the same thing: he tipped off TechCrunch about his findings, which later helped him identify the database's owner.
In this case, as TechCrunch was going through the database to confirm its authenticity, it found data belonging to Rajini Jayaseelan, founder of Dexiga, the tech startup that develops and maintains My WinStar. This prompted the reporters to sign up on the My WinStar app and, lo and behold, the data immediately appeared in the exposed database, confirming its owner.
Commenting on the findings, Jayaseelan said Dexiga only kept publicly available information in that database, and that it held no sensitive data. However, the exposed records contained people's full names, phone numbers, email addresses, and physical addresses.
Soon after the discovery, the company plugged the hole and secured the database.
There is no telling how long the database sat there unprotected, but TechCrunch confirmed that its rolling daily logs dated back to January 26 at the time it was secured. It also remains unconfirmed whether anyone else accessed it before then.
"We are further investigating the incident, continue to monitor our IT systems, and will take necessary future actions accordingly," Dexiga noted in response.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/the-mobile-app-for-the-worlds-biggest-casino-had-some-major-security-flaws
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)