Mexican Online Casino Allegedly Forgets Password, Jeopardizing User Data
Casino hacking attempts have made plenty of news in recent months, but one online gaming operator is in hot water after allegedly leaving player data accessible online after failing to set a password to secure the information.
Mexican online gaming operator Strendus is alleged to have left open access to numerous users’ personal data in what some media reports have called a “rookie mistake.” The breach was first discovered by Cybernews, and the outlet reported that the “data was likely compromised by unauthorized actors.”
“The Cybernews research team discovered that Strendus … had left public access to 85GB of its authentication logs, with hundreds of thousands of entries containing private gamblers’ data. The open instance also contained data from another online casino, MustangMoney.”
Major Security Breach
Cybernews believes a treasure trove of personal data was available to those who accessed the site. Some of that included names, home addresses, phone numbers, government ID numbers, email addresses, IP addresses, and more.
The report was able to document at least 16 instances of access by unauthorized users. The team discovered the breaches on April 7 and reported the problems to the companies. However, the access remained open until mid-October.
“The fact that these indices were discovered suggests that the instance was not under regular monitoring, putting users at risk,” the site noted. “This is particularly concerning, as casinos store a significant amount of customer data, making them attractive targets for cybercriminals.”
Protecting computer systems and personal user data has become a growing concern in the gaming industry. In September, MGM Resorts saw many of its casino operations shut down because of a cyber security breach.
The hack affected the company’s websites, reservations systems, email accounts, slot operations, and more. The ordeal left the company stymied for days and employees resorted to face-to-face hotel check-ins, reservations by phone, and even paying out in cash for slot players.
MGM noted in an SEC filing that the hacks cost $100 million in lost revenue and a $10 million one-time charge for technology consulting services, legal fees, and other expenses.
Caesars Entertainment also experienced a similar hacking attempt, but ultimately paid a $30 million ransom to gain access to the company’s computer systems. In Canada, Gateway Casinos saw many of its properties also shut down for several days in April after a similar hacking attempt seen by MGM.
The Centripetal cybersecurity firm reports that gaming companies saw a 260% increase in online attacks from the fourth quarter of 2021 to the first quarter of 2022.