Connect with us
Prague Gaming & TECH Summit 2025 (25-26 March)

Latest News

Popular Gambling App Exposed Millions of Users in Massive Data Leak

Published

on

Reading Time: 5 minutes

 

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8 star on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries continued to appear continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Within many of these records, were various forms of user Personally Identifiable Information (PII) data, including:

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)
  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungry, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Impact on Clubillion and it’s Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The purpose of this web mapping project is to help make the internet safer for all users.

 

Source

Continue Reading
Advertisement

Latest News

Saroca Unveils the Transformational Leadership Program for 2025

Published

on

saroca-unveils-the-transformational-leadership-program-for-2025
Reading Time: 2 minutes

Saroca Reimagines Leadership Development for the Gaming Industry

Saroca, a leader in professional development for the gaming industry, is proud to announce its Transformational Leadership Program, launching February 2025. Building on the success of the 2024 LeadHERship Program—a pioneering initiative for women in gaming—the new program expands its reach with two distinct cohorts: one exclusively for women and another open to all genders.

The Legacy of LeadHERship

The 2024 LeadHERship Program achieved an exceptional Net Promoter Score (NPS) of 90, with participants citing transformative growth. With participants like Clemence Dujardin citing it as a “game-changer”. Confidence in leadership abilities rose by 46%, resilience increased by 27%, and imposter syndrome diminished by 39%.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Participants praised the program’s focus on emotional resilience, feedback mastery, executive presence and communication all in a supportive community.

Leadership Development: A Game-Changer for Gaming

In a rapidly evolving and diversifying industry, strong leadership is essential. Saroca’s programs go beyond skill-building to foster resilience, trust, and inclusivity—key traits for thriving in the global gaming market.

“We believe leadership is not about hierarchy—it’s about transformation,” said Emily Leeb, CEO of Saroca. “The Transformational Leadership Program reflects our commitment to cultivating leaders who will shape the future of gaming.”

Transformational Leadership Program Highlights

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The program builds on the proven curriculum of its predecessor, featuring:

  • Two Cohorts: A women-only cohort and a new all-gender cohort to enrich perspectives.
  • Eight Modules: Covering topics such as emotional intelligence, self-advocacy, and radical candor.
  • Community and Growth Tracking: Strengthening connections and measuring individual progress.

Registration Now Open

The Transformational Leadership Program begins in February 2025, with limited spots available. Scholarships are also offered to ensure accessibility. For more information, visit Saroca’s website or contact [email protected].

About Saroca

Saroca is a leader in leadership development for the gaming industry, committed to empowering professionals through inclusive, high-impact programs that drive personal and professional growth.

The post Saroca Unveils the Transformational Leadership Program for 2025 appeared first on European Gaming Industry News.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)
Continue Reading

Latest News

Week 47/2024 slot games releases

Published

on

week-47/2024-slot-games-releases
Reading Time: 6 minutes

 

Here are this weeks latest slots releases compiled by European Gaming

Introducing Magawa vs Mines, the debut game from Slammer Studios – a fresh new player in the industry. With the launch of this vibrant 7×7 slot, the studio is kicking things off in style. Inspired by the legendary Magawa, a rat whose life-saving landmine detection skills have earned worldwide acclaim, this game pays tribute to this incredible hero. With Magawa vs Mines, players get to honour the courage of an extraordinary rat, reliving his daring missions through high-energy gameplay.

Making an Impact: Slammer Studios Debuts "Magawa vs Mines"

 

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

 

Spinomenal has added Zeus Unchained Hold & Hit to its marvellous Mythology series. Zeus Unchained Hold & Hit presents a grid framework of 5×3 and is set at 25 fixed lines. Once the action is underway, players join Zeus, the ancient Greek god of sky and thunder for a battle on the reels. A powerful soundtrack heightens the anticipation as players look for Wild symbols on screen.

Spinomenal adds Zeus Unchained Hold & Hit to slots line-up

 

Betsoft Gaming brings players to the heights of Mount Olympus with Coins of Zeus – Hold & WinTM, an engaging video slot with a 3×3 grid and 5 paylines set in a stunning Ancient Greek theme. From immersive visuals to thrilling gameplay features, Coins of Zeus – Hold & WinTM brings mythology to life, delivering divine entertainment and win potential.

 

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

 

BGaming is helping players hunt for ancient treasures in its latest release Catdiana. Boasting two purr-fect bonus games, the gameplay is further enhanced through cat-themed scatters, coveted coins and high-value gem symbols. The 5×3 reel action unfolds deep within a mystical cat temple where Catdiana goes on the prowl, performing as a wild to guide players to hidden treasures and big wins.

BGaming curls up with bountiful bonus games in Catdiana

 

Tom Horn Gaming, a leading igaming software supplier, has unveiled its latest game, Wild Snowfakes, just in time for the winter season. A winter-themed slot transports players to a serene snowy wonderland filled with excitement and rewards. This medium-to-high variance game is played across a 5×3 gaming grid, populated with frosty fruit symbols and snowflakes, which act as wilds.

Tom Horn Rolls Out Wild Winter Magic in Wild Snowflakes

 

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Evoplay, the award-winning game development studio, has revealed its latest immersive slot, Dolce Dreams, offering a sweet twist on the classic Italian café culture, with the experience designed for high engagement and substantial win potential. Set against the backdrop of a charming streetside cafe, Dolce Dreams features stacked Wilds in the form of waffle ice creams, which substitute for other symbols to maximise winning combinations.

Evoplay brings sweet wins and Italian charm with Dolce Dreams

 

Relax Gaming is taking players on an exhilarating snowy adventure with the launch of Winter Champions, a sports-themed slot that propels players through the mountain tops in pursuit of golden victories. At the heart of Winter Champions is the innovative Sliding Respins mechanic, ensuring the reels remain active as long as winning combinations continue to land, adding a layer of non-stop excitement to the gameplay.

Relax Gaming skates into action with the launch of Winter Champions

 

Nolimit City is serving up a twisted carnival treat in Munchies. Step into the fair grounds as Nolimit’s latest Labs game released following the release of Outsourced: Slash Game. As a Labs title, expect a fresh and experimental spin on the classic Nolimit style. In the heart of the carnival tents lies a curious attraction: Fluffers—a cute, cuddly, but oh-so-smelly creature that’s causing quite the commotion among visitors. Some may say it’s the attraction of the year!

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Nolimit City takes you on an outing to the Carnival in Munchies

 

Thunderkick has unveiled Split Happens, the latest addition to its product portfolio that combines a quirky bowling theme with Walking Wilds and respins to provide a unique and compelling gaming experience. The action takes place across a classic 5×3 grid, where winning combinations can be formed both ways to help unlock 3,000x maximum wins.

 

Thunderkick strikes again with bowling bonanza Split Happens

 

Amusnet has released its latest video slot, 10 Bulky Fruits. It is not an ordinary fruit slot but a dazzling, energetic and exciting game. This is a 5-reel, 10-fixed paylines video slot that offers vivid gameplay, epic sound effects and a variety of features. Keep an eye out for the Clover Wild Symbol and its great rewards – it appears on the 2nd, 3rd, and 4th reel. The Star and the Dollar are the shiny Scatter symbols boosting the winnings.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

 

It’s beginning to look a lot like Christmas, and Booming Games are getting in the spirit early with the November arrival of their fresh, festive game, Holly Jolly Bonanza 2. ‘Tis the season for snowy slots, and just like Santa Claus himself, Holly Jolly Bonanza 2 delivers in style. This sparkling sequel is a sure-fire Christmas classic, a 5×6 game with cascading reels, introducing new features to the festive game.

Booming Games get festive with Holly Jolly Bonanza 2

 

How deep do you dare to descend in Yellow Slotmarine by Twin Win Games – the exciting new slot where cash prizes can be accumulated and collected on any base game spin, but three bomb symbols are always lurking to potentially blow players out of the water. Utilising just three reels and one row of symbols, Yellow Slotmarine introduces a completely new mechanic where every character that lands contributes towards a specific cash pot.

Discover the ocean’s bounty in Yellow Slotmarine by Twin Win Games

 

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Gaming Corps is proud to announce the release of Wet and Wild Beavers. This charming new slot game also marks the debut of the exciting new A-MAZE-CADES™ mechanic. This playful adventure takes players down to the river, where a team of ingenious beavers plot their daring escape by the riverbank. Follow Red Rocket, Old Blue and Yella Fella as they utilise a series of creative bonus features to escape the dam and get their hands on wins of up to 10,000x the player’s stake.

Gaming Corps Debuts Innovative New A-MAZE-CADES™ Mechanic in the Wet and Wild Beavers slot game

 

Explore a prosperous underwater world and harness the power of the formidable Greek God of the Sea Poseidon in Stakelogic’s latest release, Trident of Legends. This enchanting aquatic adventure invites players to tap into the awe-inspiring power of the mythical Poseidon as they embark on a quest for fortune. With Poseidon’s legendary Trident in hand, players can trigger enticing bonuses while playing for wins of up to 10,000x their stake.

Harness the Powers of Poseidon in Stakelogic’s Exciting New Trident of Legends Slot

 

Play’n GO invites players to join the Wilde family in Wildest Gambit, a globe-trotting 5×3 slot that combines adventure, mystery, and massive win potential with an x20,000 Multiplier. Wildest Gambit unites the legendary Wilde family – Rich, Cat, and Uncle Gerard – in an epic journey across four unique destinations. From the golden sands of Egypt to the dense jungles of South America, players will experience a dynamic blend of Expanding, Sticky, and Multiplier Wilds.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Play'n GO recruits the entire Wilde family for their latest adventure, Wildest Gambit

 

 

The post Week 47/2024 slot games releases appeared first on European Gaming Industry News.

Continue Reading

Balkan's

EGT Digital is shortlisted in 5 categories of BEGE Awards 2024

Published

on

egt-digital-is-shortlisted-in-5-categories-of-bege-awards-2024
Reading Time: 2 minutes

 

EGT Digital is proud to be among the finalists in the impressive 5 categories of BEGE Awards 2024. This year’s edition of the prestigious annual competition will be held on November 27 at Black & White Club, Palms Royale Sofia Complex. For the 15th consecutive year, the event will recognize individuals and companies for their outstanding contribution to the gaming and entertainment industry.

Burning Hot Instant, one of the newest offerings in EGT Digital’s ever-growing portfolio of games, is among the shortlisted titles in the Online Game of the Year category. It is also one of the latest additions to the top performer Clover Chance. Although it debuted only 2 months ago, Burning Hot Instant immediately became players’ favorite with its mystery jackpot and numerous rewards.

X-Nave, EGT Digital’s in-house developed “all-in-one” betting platform, is a contender in the Online Platform of the Year category. The product earned the nomination thanks to the fact that it provides operators with the technology and tools they need to build and maintain a successful online business. The X-Nave platform includes 4 main modules: Sport Product, Gaming Aggregator, CRM Engine, and Payment Gateway. Each module can be part of the complete solution or function independently, allowing seamless integration with developments of third-party providers.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Another prestigious nomination for EGT Digital is in the Online Provider of the Year category, recognizing its wide range of iGaming products and services. The company’s games are extremely popular in a number of markets around the world, where players appreciate their fascinating design, high winning chances, and many attractive bonus features. The X-Nave platform is becoming the preferred choice for an increasing number of operators who want to guarantee their business’ long-term success and sustainable development.

The company is a finalist in the Sports Betting Platform of the Year category as well. EGT Digital’s Sportsbook solution, part of X-Nave’s Sport Product, offers everything operators need to secure a competitive bookmaker position. It includes advanced betting, in-depth statistics, different bet types, back-office tools, a variety of jackpots, and 24/7 technical and trading support. It is provided with powerful management tools that allow betting sites to create personalized content and increase player engagement.

The last category for which EGT Digital has been nominated is Innovative Product of the Year, with its 360-degree retail betting solution. This product covers both software and hardware aspects of the business, including the design and management of devices, the company’s omnichannel solution, sports betting, lottery games, vouchers, online deposits, and commissions. Constantly evolving, EGT Digital’s 360-degree retail betting solution continues to add new tools and options for improving user experience.

The post EGT Digital is shortlisted in 5 categories of BEGE Awards 2024 appeared first on European Gaming Industry News.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)
Continue Reading

Trending