In a startling revelation, the My WinStar app, associated with the WinStar casino and hotel resort in Oklahoma—celebrated as the world’s largest active casino—was found transmitting customer data to an unsecured online database. This database, devoid of any password protection, potentially allowed anyone aware of its location unrestricted access to sensitive information.
The lapse was uncovered by security researcher Anurag Sen, who has a track record of identifying such vulnerabilities, including a previously exposed email server linked to the US Government, TechCrunch reported on Monday. Upon discovery, online tech news websites were alerted, aiding in the identification of the database’s proprietor through data verification that included information related to Dexiga’s founder, Rajini Jayaseelan.
Previously, he had also uncovered an exposed email server hosted on Azure associated with the US Government in February 2023 and an Amazon Prime database in October 2022. In each instance, including this one, Sen followed the same process: alerting TechCrunch to his discoveries, ultimately leading to the identification of the database’s owner.
Contrary to Jayaseelan’s assertion that the database contained only “publicly available information,” the exposed data encompassed full names, phone numbers, email, and physical addresses of app users, raising significant privacy concerns.
Following the discovery, the company promptly addressed the issue by patching the vulnerability and securing the database.
Dexiga has since stated its commitment to a thorough investigation and ongoing monitoring of its IT systems to prevent future breaches, emphasizing the critical need for robust cybersecurity measures in protecting user data in the digital age.
The duration during which the database remained unprotected is uncertain, but according to rolling daily logs dating back to January 26 when it was secured, as confirmed by TechCrunch. Whether anyone accessed it before the security measures were implemented remains unconfirmed.
For individuals concerned about digital security, particularly when using mobile applications for sensitive transactions, employing measures like using the best VPN for Android, or if you’re an Apple user, the best VPN for iPhone, can offer an added layer of protection against potential data breaches.