An online casino group in the United States leaked 108 million gambling bets, including customer personal information, deposits and withdrawal details. Justin Paine, a cybersecurity researcher, said the information was leaked from the ElasticSearch server and circulated on the Internet without a password.
ElasticSearch is a search engine that companies like to use to improve the data indexing and search capabilities of their own web apps. Generally speaking, such a search engine will be installed on the internal network to process company confidential information, and the information will not be leaked on the Internet.
After some analysis, Paine determined that these domain names are all used to operate online casinos, and users can bet on participation. Paine found a total of about 108 million records exposed, including bets, wins, deposits, and withdrawals. There is also payment card information in the deposit and withdrawal information.