Data Breach Hits Another Online Casino

Article by : Erik Gibbs Feb 12, 2024

• 
• 

A recent security breach has spotlighted the startup responsible for the phone app associated with the WinStar casino resort. This incident has brought concerns regarding the security of personal information in the digital era.

The compromised security of the My WinStar app underscores the importance of protecting sensitive data and emphasizes the necessity for proactive measures to thwart unauthorized access.

WinStar, based in Oklahoma and acclaimed as the “world’s biggest casino,” utilizes the My WinStar app, developed by Nevada software startup Dexiga. However, a notable lapse on the part of Dexiga led to the exposure of a logging database, resulting in unauthorized access to the personal data of customers.

The compromised database encompassed a spectrum of personal details, including full names, phone numbers, email addresses, home addresses, gender and device IP addresses.

Despite the gravity of the security breach, the data that was stolen lacked encryption, with only limited redaction applied to sensitive elements such as birth dates.

Upon detecting the security lapse, Dexiga promptly took the compromised database offline. However, the company sought to downplay the incident by asserting that the exposed data constituted “publicly available information” and that no compromise of sensitive data occurred.

Dexiga attributed the breach to a log migration and highlighted its ongoing investigations and continuous monitoring of their IT systems. The breach has prompted inquiries regarding the safeguarding of personal data and the potential repercussions for those affected.

Dexiga’s response concerning the notification of affected customers and communication with WinStar remains ambiguous, leaving uncertainties regarding the extent of the data exposure and its ramifications.

The Scattered Spider hacking group claimed responsibility for breaching the systems of MGM Resorts International and Caesars Entertainment, extracting six terabytes of data.

The group, communicating via Telegram, stated they had no intention of making the data public and did not confirm ransom demands.

Both companies are investigating, and Caesars reported to regulators that hackers accessed data, including driver’s licenses and social security numbers, of loyalty program members on September 7.

Caesars reported a “social engineering attack” on an IT vendor as the cause of their breach.

Despite earlier reports, Caesars declined to comment on whether a ransom was paid. Both MGM and Caesars did not respond to requests for comments on the extent of the data breach.

Scattered Spider has been linked to over 100 intrusions in the last two years across various industries.

MGM’s operations remain disrupted, with visuals of error messages on slot machines circulating on social media. Scattered Spider is possibly a subgroup of the ALPHV ransomware hacking outfit. The FBI is investigating both incidents at MGM and Caesars.