Connect with us

Latest News

Popular Gambling App Exposed Millions of Users in Massive Data Leak

Published

5 years ago

on

Reading Time: 5 minutes

 

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8 star on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries continued to appear continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Within many of these records, were various forms of user Personally Identifiable Information (PII) data, including:

  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungry, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Impact on Clubillion and it’s Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

 

Source

Related Topics:
Continue Reading
Advertisement

Latest News

Casino Kings Knocks Out Partnership with Boxing Powerhouse BoxNation

Published

1 day ago

on

May 9, 2025

By

casino-kings-knocks-out-partnership-with-boxing-powerhouse-boxnation

Two titans of entertainment are joining forces! UK-licensed casino and sportsbook, Casino Kings, and the legendary boxing platform, BoxNation, have announced a dynamic new partnership, set to deliver a knockout blow of exclusive content, promotions and responsible betting experiences for fans. Becoming their official boxing betting partner, Casino Kings is stepping into the ring with one of the most respected names in the fight game, promising fans a ringside seat to even better betting.

This isn’t just a bell ringing for another sponsorship deal; it’s a knockout partnership designed to bring you closer to the action than ever before. Casino Kings branding will be engrained into the boxing industry, prominent across BoxNation’s popular YouTube channel through branding and content, where the biggest names and personalities in boxing step into the spotlight for exclusive interviews.

For you savvy fight fans, Casino Kings will be rolling out a series of exclusive offers, adding even more thrill to 2025’s already-explosive boxing schedule. And here’s a great way to kick things off: Casino Kings is welcoming new members with a £35 Free Bet! Just deposit a minimum of £10 and place bets of £10 or more to grab yours. Don’t miss out!

Given BoxNation’s powerful presence in the boxing arena and Casino Kings’ reputation as a premier UK online casino and sports betting platform, this partnership is bound to be a knockout you won’t want to miss.

“We’re buzzing to partner with BoxNation—this really puts Casino Kings in the heart of the action.” Says Jack Dunn, COO of Casino Kings. “The team have been absolutely brilliant, and we’re excited to get stuck into some top-tier behind-the-scenes boxing content for the fans!”

“BoxNation is delighted to announce our partnership with Casino Kings. Casino Kings has a great reputation for delivering sports and entertainment options for users. We look forward to working together with Casino Kings to create a safe and enjoyable experience for fans.” adds Umar Ahmed, BoxNation Channel Lead.

Want to be the first to know? Follow Casino Kings and BoxNation on social media now for instant updates, special offers, and all the ringside action!

About BoxNation:

BoxNation is a dedicated boxing news and media outlet, providing fans exclusive interviews and behind the content featuring the boxing’s biggest names and personalities. With over 95k YouTube subscribers and 50 million plus views, BoxNation is delivering the best boxing content from all around the world. To find out more about BoxNation, visit: www.youtube.com/@BoxNationOfficial

About Casino Kings:

Casino Kings isn’t just another UK-licensed online casino and sportsbook – it’s a platform that puts player well-being first. Deeply committed to responsible gambling, they offer a secure environment equipped with robust tools to empower users to manage their play effectively. Beyond this dedication, Casino Kings delivers consistently fair and competitive odds across a thrilling selection of sports. Plus, the king casino team consistently provides their players with the best welcome bonuses, weekly promotions, daily offers, and much more!

Let’s keep the fun in the game. Please remember to gamble responsibly. 18+ only. For more information, visit: www.gambleaware.org.

The post Casino Kings Knocks Out Partnership with Boxing Powerhouse BoxNation appeared first on Gaming and Gambling Industry in the Americas.

Continue Reading

Latest News

Week 19/2025 slot games releases

Published

1 day ago

on

May 9, 2025

By

week-19/2025-slot-games-releases
Reading Time: 4 minutes

 

Here are this weeks latest slots releases compiled by European Gaming

CryptoSlots, a leading cryptocurrency casino, is celebrating its 7th birthday this May with exciting new game launches and player rewards. To mark the occasion, CryptoSlots is unveiling a brand-new slot: Safari Sunsets, taking players on a breathtaking journey through the African savannah at golden hour. With swaying acacia trees, and a sky glowing in sunset hues of orange and purple, the game immerses you in the wild beauty of the grasslands. Majestic animals like zebras, lions, buffalos,and the powerful elephant Scatter symbol bring the reels to life!

CryptoSlots Celebrates 7 Years with New Safari Sunsets Slot and Big Bonuses

PG Soft has unleashed its latest big-hitting title, Knockout Riches. The new addition is a 5-reel (1 to 3 rows in reel 1 and 5, 4 to 20 rows in reels 2, 3 and 4) slot that delivers an action-packed slot experience with grit, determination, and big rewards. Ruby, known as the ‘Flaming Rose’, steps into the ring as a rising star in the boxing world whose fists must do the talking.

PG Soft unleashes Knockout Riches title

Relax Gaming, the iGaming aggregator and supplier of unique content, is challenging players to tame Fang the dragon in its fiery new release, Fang’s Inferno. The dragon with an insatiable appetite for riches returns in this 5×4 slot where big wins can come via Blazin’ Wilds, Flamin’ Respins, Fang’s Bonus Picks, Fiery Free Spins and Fang’s Bonus Picks.

Relax Gaming invites players to face the flames in new release Fang’s Inferno

FBMDS is thrilled to announce the launch of its newest slot game of Asian inspiration – “Panda Treasure – Sublime Series”. This is the inaugural title in its ambitious plan to reinvent its slots portfolio with new, rewarding online casino game releases throughout the year, that speak to different players’ profiles and competitive operator’s demands. The release of a new slot game aligns with FBMDS’s 2025 narrative, focusing on market expansion, innovation, and leadership in key iGaming segments.

FBMDS launches new Asian-inspired Panda Treasure slot game

Spinomenal has released its latest game to join the Wildlife series, Majestic Silverback. Players are welcomed to the untamed, lush jungle for an adventure. Verdant fauna surrounds the 5×3 reel frame, brought to life by an array of jungle animals, including jaguars, parrots, crocodiles, and iconic silverback gorillas.

Spinomenal presents new title Majestic Silverback

Push Gaming has launched Olympus Unleashed, a futuristic take on a mythological-themed slot that combines the timeless appeal of classic slots with bold, modern gameplay. Created for players who enjoy the familiar rhythm of traditional titles but crave something fresh, Olympus Unleashed delivers a compelling blend of nostalgia and innovation.

Push Gaming ascends to new heights with mythic new release Olympus Unleashed

Play’n GO’s latest 6×4 slot, Crabby’s Gold, washes ashore with gold-grabbing mechanics, evolving Wilds and a crustaceous companion who’s got more attitude than treasure maps. Set in a sun-bleached pirate cove where coins glint beneath the waves, Crabby’s Gold brings comic chaos to the high seas. With its curmudgeonly mascot Crabby hoarding multipliers and heckling from the reels, this 4096-ways slot isn’t just another maritime theme – it’s a tidal wave of personality.

Crabby’s Gold unleashes a clawed coin caper
Inspired Entertainment, Inc., a leading B2B provider of gaming content, systems, and solutions, is thrilled to announce the release of Piggy Winner™ – a pig-themed descendant of Inspired’s popular omni-channel slot Gold Winner™. This 10-win line slot game is packed with thrilling features including Wild Symbols, Cash Collecting Free Spins, a gamble option and Fortune Spins mode, designed to deliver slick gameplay and endless excitement.

INSPIRED LAUNCHES PIGGY WINNER IN RETAIL™
Booming Games turns up the temperature with Inferno Fortune Power Hit, the explosive first title in the brand-new Power Hit Series. Set on a blazing 6×4 grid with 4096 ways to win, Inferno Fortune Power Hit is designed for players who crave nonstop action and high win potential. At the core of the game lies the powerful Power Hit feature, which can be triggered in both the base game and Free Spins.

Inferno Fortune Power Hit from Booming Games brings the heat with a fiery new take on classic slot action!

 

The post Week 19/2025 slot games releases appeared first on European Gaming Industry News.

Continue Reading

global online gambling market

Grand View Research: Global Sports Betting Market Size is Estimated to Reach USD 187.39 Billion by 2030

Published

1 day ago

on

May 9, 2025

By

grand-view-research:-global-sports-betting-market-size-is-estimated-to-reach-usd-187.39-billion-by-2030

 

The global online gambling market size is estimated to reach USD 153.57 billion by 2030, registering a CAGR of 11.9% from 2025 to 2030, according to a new report by Grand View Research.

Sports Betting Market Report Highlights:

• The offline segment accounts for a significant revenue share in the sports betting industry in 2024, particularly in regions with a mature gambling infrastructure such as Europe and Australia.

• Based on the sports type football segment dominated the sports betting market, holding the largest share due to its vast international fan base and the continuous presence of domestic and international tournaments.

• Live/In-Play Betting emerged as the leading segment in the sports betting market in 2024, thanks to its real-time and interactive nature.

• Europe sports betting market accounts for the largest revenue share of around 48% in 2024. The sports betting market in Europe is continually evolving, bolstered by established regulations in several countries and increasing digital engagement.

The growth of the global sports betting market is driven by the proliferation of internet infrastructure and evolving regulatory landscape of the entire gambling industry across the world. In addition, the increase in the number of sports events and leagues worldwide such as the NFL, FIFA World Cup, Carabao Cup, and UEFA Europa League has positively influenced the growth of the market. Furthermore, an increase in disposable income and the rising usage of AI and blockchain technologies to improve the prediction algorithms in betting software are likely to boost the growth of the market during the forecast period.

Esports, which is an organized, multiplayer video game competition, played by professional players, individuals, or teams, has gained massive popularity during the COVID-19 pandemic and witnessed a surge in the number of events worldwide. Market players are utilizing the increased number of esports events to offer an opportunity for their customers to bet on such esports competitions and earn extra income. The surge in online sports events backed up by a rise in the number of esports tournaments offers stable growth opportunities for the betting industry. For instance, according to the report by the UK Gambling Commission, there was a huge 2922% year-on-year rise in esports betting revenue from March 2019 to March 2020.

The post Grand View Research: Global Sports Betting Market Size is Estimated to Reach USD 187.39 Billion by 2030 appeared first on Gaming and Gambling Industry in the Americas.

Continue Reading

Trending