An unsecured server, apparently run by one of Curacao’s major online gambling licensing and solutions providers, has reportedly leaked the personal information of thousands of online gamblers and details of more than 108 million bets.
It was reported last week by ZDNet that security research Justin Paine came across the server which, in a shocking show of incompetence, had been left online and exposed to the Internet unsecured and not even password protected. The server was home to vast amounts of data that included customers’ personal information as well as deposit and withdrawal information from several different online gambling sites that included easybets.com, viproomcasino.net, kahunacasino.com and azur-casino.com.
The type of server that Paine discovered is an Elastisearch search engine which is most often installed to aid with organizing large amounts of information on a company’s internal network. This type of server generally handles an organization’s most sensitive information and is not meant to be exposed to the open Internet. This one, however, was left online and completely open for anyone to see.
Paine said that the search engine server included customers real names, phone numbers, physical addresses, account balanaces, IP addresses they played from, and financial details such as bets won, deposits and withdrawals, and even payment card details. He said some card details had been removed, but there was enough overall information exposed about each customer to make everyone extremely vulnerable to fraud or perhaps even extortion.
Who Is Behind The Exposed Server?
ZDnet contacted the individual online casinos requesting comments on the data leak but did not receive any replies. They did not, however, that shortly after they made their requests, the mystery server was taken offline. They were unable to determine why the server was so openly exposed or which company actually owned it.
A bit of further investigation carried out by Casino.org turned up some somewhat surprising results. The four companies mentioned didn’t seem to have any solid ties to each other, so it made no sense that their combined data would be on one server. A little bit of digging, however, turned up one common link.
Azur Casino is run by Danguad Ltd, a company based in Nicosia, Cyprus. Kahuna Casino and VIP Room Casino are both owned by a company called Mountberg. Mountberg and Danguad are both based in the same building, but their relationship seems to end there. The fourth casino, Easybet, is owned by TGI Entertainment NV. It’s a sports betting site that seems to have absolutely nothing in common with the other three sites.
The one thing that ties all four of these gambling sites together is their license. All four are licensed in Curacao under the same master license, 1668/JAZ, which was issued to a company called Curacao eGaming.
Curacao eGaming offers several services to gambling operators including consulting, compliance supervision, and turnkey, white-label solutions. They are one of four companies in Curacao that hold a master license, which allows them to issue sub-licenses and provide the IT infrastructure required for online gaming sites, including things like high-speed Internet connections, private cloud servers, dedicated servers, cloud storage, and more.
You should be able to draw your own conclusions from there. While no guilt has been admitted or proven, all signs seem to point to one place.
Ongoing Criticism Of Curacao
Curacao is a Dutch island in the Caribbean. It was one of the first to adopt and permit online gambling and has existed as a major licensing body since 1996. Since then, however, the government of Curacao has been accused of extremely lax enforcement of their own rules and regulations. Some have even gone so far as to claim there is no enforcement at all.
The Dutch parliament has debated the practice of issuing master licenses and allowing the sale of sub-licenses by companies like Curacao eGaming. Some in the Dutch government feel that practice is doing harm to the island’s international reputation.
It was also announced last month by the government of Curacao that they would tighten the enforcement of their own online gambling regulations. This announced is believed to have come mostly as a response to the conviction of Gerrit Schotte, the island’s former prime minister, for accepting bribes from the owner of a land-based casino on the island who is said to have connections with the Mafia.