Connect with us
Prague Gaming & TECH Summit 2025 (25-26 March)

Latest News

Popular Gambling App Exposed Millions of Users in Massive Data Leak

Published

on

Reading Time: 5 minutes

 

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8 star on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries continued to appear continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Within many of these records, were various forms of user Personally Identifiable Information (PII) data, including:

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)
  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungry, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Impact on Clubillion and it’s Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The purpose of this web mapping project is to help make the internet safer for all users.

 

Source

Continue Reading
Advertisement

Argentina

ZITRO CELEBRATES THE LAUNCH OF ITS FIRST WAP IN ARGENTINA AT THE HIPÓDROMO DE PALERMO

Published

on

zitro-celebrates-the-launch-of-its-first-wap-in-argentina-at-the-hipodromo-de-palermo

Zitro, a leading global gaming company, has announced the successful launch of its first Wide Area Progressive (WAP) in Argentina, with over 45 slot cabinets initially installed in five gaming halls located at the Hipódromo de Palermo. The product selected for this project is the successful game “Mighty Hammer Ultimate” on Zitro’s premium cabinet, “Altius Glare.”

This system represents the first WAP in South America. A shared jackpot called “Mega Pozo Mighty Hammer” starts at 50 million Pesos and grows progressively, making it the largest accumulated prize in the region. The official inauguration was held on December 19th during the exclusive “Noche de Palermo” event, including a live performance by the renowned Argentinian band Los Totora.

Company Directors commented: “We are very pleased to introduce Argentina’s first WAP at the Hipódromo de Palermo. This project – for which we partnered with Zitro – reiterates Casino Club’s commitment to innovation, always under the premise of offering our customers an entertainment experience that exceeds all their expectations.”

For her part, Alejandra Burato, Regional Director of Zitro for LatAm, commented: “The launch of our first WAP in Argentina is a very important milestone for Zitro, as it confirms our company as a supplier of machines for WAPs. Attending the inauguration event and seeing firsthand how our products connect with players has been a pleasure, providing a unique and different entertainment experience in the region. Additionally, I want to highlight the excellent marketing surrounding the launch, contributing to its success. Finally, I would like to thank Casino Club for their trust and collaboration, which has allowed us to present this innovative proposal in such a renowned and emblematic place as the Hipódromo de Palermo.”

Continue Reading

Founder of SOFTSWISS

SOFTSWISS Game Aggregator: Largest Content Hub Certified in Brazil

Published

on

softswiss-game-aggregator:-largest-content-hub-certified-in-brazil

The SOFTSWISS Game Aggregator, the largest content hub in the iGaming industry, has secured Brazilian certification, becoming one of the first in the market to achieve this milestone.

Regulatory rules for iGaming come into effect in Brazil on 1 January 2025. According to them, platforms, aggregators, sportsbooks, and providers must undergo certification. Companies aiming to provide their services in Brazil in 2025 and beyond have been preparing for this transition throughout the year.

The SOFTSWISS team announces that its Game Aggregator is the first to fully comply with regulations, completing all necessary preparations and receiving the certificate to ensure smooth and efficient operations for its clients.

SOFTSWISS has also obtained certification for integration with the world’s largest game providers – Pragmatic Play, Evolution, and Playtech. These providers offer a diverse range of games tailored to suit the preferences of Brazilian players, from immersive live dealer experiences to engaging slots and table games, ensuring entertainment for every type of player.

According to recent Kantar research conducted in November 2024, the overall satisfaction index for the SOFTSWISS Game Aggregator is 8.1 out of 10. Remarkably, half of the respondents rated the product a 10 or 9. Customer support service satisfaction scored even higher, at 8.4 out of 10

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The Game Aggregator also boasts a key advantage: consistent 99.999% uptime, which is crucial for the iGaming business.

Ivan Montik, Founder of SOFTSWISS, notes: “According to our information, the SOFTSWISS Game Aggregator is the first aggregator fully prepared, both technically and legally, to work in Brazil when the new regulations take effect. This is a significant achievement that the team has worked on diligently and systematically. Our work doesn’t stop here – we are actively adding new providers to help our clients expand their presence in this promising Brazilian market, which is no longer ‘the sleeping giant’. It has awakened, and SOFTSWISS is at the forefront of this exciting transformation.”

To support this high level of performance, earlier this year SOFTSWISS appointed Rubens Barrichello, the Brazilian Formula 1 legend, as a Non-Executive Director, demonstrating its strong commitment to the local market. To ensure efficient operations and promptly address ongoing matters, SOFTSWISS also has a dedicated team of local business development managers in Brazil.

SOFTSWISS team will be available to discuss partnership in Brazil and other markets at the first major  iGaming event of 2025 – ICE Barcelona, taking place on 20–22 January, at stand 2G42.

 

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

About SOFTSWISS

SOFTSWISS is an international technology company with over 15 years of experience developing innovative solutions for the iGaming industry. SOFTSWISS holds a number of gaming licences and provides comprehensive software for managing iGaming projects. The company’s product portfolio includes the Online Casino Platform, the Game Aggregator with over 23,500 casino games, the Affilka Affiliate Platform, the Sportsbook software and the Jackpot Aggregator. In 2013, SOFTSWISS revolutionised the industry by introducing the world’s first Bitcoin-optimised online casino solution. The expert team, based in Malta, Poland, and Georgia, counts over 2,000 employees.

Continue Reading

Latest News

SOFTSWISS Game Aggregator: Largest Content Hub Certified in Brazil

Published

on

softswiss-game-aggregator:-largest-content-hub-certified-in-brazil
Reading Time: 2 minutes

The SOFTSWISS Game Aggregator, the largest content hub in the iGaming industry, has secured Brazilian certification, becoming one of the first in the market to achieve this milestone.

Regulatory rules for iGaming come into effect in Brazil on 1 January 2025. According to them, platforms, aggregators, sportsbooks, and providers must undergo certification. Companies aiming to provide their services in Brazil in 2025 and beyond have been preparing for this transition throughout the year.

The SOFTSWISS team announces that its Game Aggregator is the first to fully comply with regulations, completing all necessary preparations and receiving the certificate to ensure smooth and efficient operations for its clients.

SOFTSWISS has also obtained certification for integration with the world’s largest game providers – Pragmatic Play, Evolution, and Playtech. These providers offer a diverse range of games tailored to suit the preferences of Brazilian players, from immersive live dealer experiences to engaging slots and table games, ensuring entertainment for every type of player.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

According to recent Kantar research conducted in November 2024, the overall satisfaction index for the SOFTSWISS Game Aggregator is 8.1 out of 10. Remarkably, half of the respondents rated the product a 10 or 9. Customer support service satisfaction scored even higher, at 8.4 out of 10

The Game Aggregator also boasts a key advantage: consistent 99.999% uptime, which is crucial for the iGaming business.

Ivan Montik, Founder of SOFTSWISS, notes: “According to our information, the SOFTSWISS Game Aggregator is the first aggregator fully prepared, both technically and legally, to work in Brazil when the new regulations take effect. This is a significant achievement that the team has worked on diligently and systematically. Our work doesn’t stop here – we are actively adding new providers to help our clients expand their presence in this promising Brazilian market, which is no longer ‘the sleeping giant’. It has awakened, and SOFTSWISS is at the forefront of this exciting transformation.”

To support this high level of performance, earlier this year SOFTSWISS appointed Rubens Barrichello, the Brazilian Formula 1 legend, as a Non-Executive Director, demonstrating its strong commitment to the local market. To ensure efficient operations and promptly address ongoing matters, SOFTSWISS also has a dedicated team of local business development managers in Brazil.

SOFTSWISS team will be available to discuss partnership in Brazil and other markets at the first major  iGaming event of 2025 – ICE Barcelona, taking place on 20–22 January, at stand 2G42.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

 

About SOFTSWISS

SOFTSWISS is an international technology company with over 15 years of experience developing innovative solutions for the iGaming industry. SOFTSWISS holds a number of gaming licences and provides comprehensive software for managing iGaming projects. The company’s product portfolio includes the Online Casino Platform, the Game Aggregator with over 23,500 casino games, the Affilka Affiliate Platform, the Sportsbook software and the Jackpot Aggregator. In 2013, SOFTSWISS revolutionised the industry by introducing the world’s first Bitcoin-optimised online casino solution. The expert team, based in Malta, Poland, and Georgia, counts over 2,000 employees.

The post SOFTSWISS Game Aggregator: Largest Content Hub Certified in Brazil appeared first on European Gaming Industry News.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)
Continue Reading

Trending