Expert Commentary: Casino App Clubillion Leaks PII On “Millions” Of Users

Researchers at vpnMentor discovered the unsecured database hosted on AWS as part of a broader web mapping project and quickly traced it back to casino app Clubillion in March.

The online database, which was finally secured on April 5, was updated with huge amounts of users’ personal information every single day, in the region of 200 million new records. It included personally identifiable information (PII) such as emails, private messages, winnings and IP addresses.

Expert Comments

July 09, 2020
Anurag Kahol
CTO
Bitglass
According to Gartner, 99% of cloud security mishaps will continue to be a result of misconfigurations caused by human error through 2025. Cloud security is a shared responsibility between the cloud service provider and the organisation, but the onus is on the companies that use services like AWS to ensure that data storage buckets are configured correctly and are properly secured. Sensitive and personally identifiable information (PII) should never be accessible by unauthorised parties, as this kind of information can enable identity theft and highly targeted spear-phishing campaigns. To safeguard customer data, organisations must have full visibility and control over their data in order to prevent breaches and leaks. This can be accomplished by employing advanced security solutions that remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information.