Dexiga Data Breach: How a Casino App Exposed Customer Info

Dexiga, a Nevada-based software startup, was involved in a major data breach in February 2024. Here’s a breakdown of what happened:

The Breach

  • Exposed Database: Security researcher Anurag Sen discovered an unprotected database belonging to Dexiga. This database contained sensitive information related to customers of the My WinStar World Casino app, developed by Dexiga.
  • Data Exposed: The exposed data included:
    • Names
    • Phone numbers
    • Email addresses
    • Home addresses
    • Device IP addresses
    • Gender
    • Internal WinStar customer account information
  • Duration: The exact duration of the exposure is unknown. Dexiga claimed the issue stemmed from a log migration with logs dating back to January 26th exposed by February 9th when the issue was fixed.

Implications

  • Identity Theft: Exposed personal information can be used by malicious actors to facilitate identity theft or targeted phishing attacks.
  • Privacy Invasion: Users of the casino app who had their data exposed face significant privacy concerns.
  • Reputational Damage: The breach harmed Dexiga’s reputation and potentially damaged their relationship with WinStar Casino.

Dexiga’s Response

  • Database Secured: Dexiga took the database offline once notified.
  • Contradictory Claims: Initially, Dexiga downplayed the incident, stating that only “publicly available information” was involved. The scope of the exposed data revealed otherwise.

Key Takeaways

  • Basic Security Failures: The incident highlights how misconfigurations and insufficient security measures can expose highly sensitive data.
  • Transparency Matters: Companies have a responsibility to be transparent about breaches, especially when sensitive customer data is at risk.
  • Third-Party Risk: Businesses need to carefully vet the cybersecurity practices of any third-party vendors they work with, as in this case, the app developer’s breach impacted the casino.

Further Reading:

TechCrunch: https://techcrunch.com/2024/02/09/winstar-hotel-casino-app-exposed-customer-personal-data/

Discover more from Information Security Program

Subscribe now to keep reading and get access to the full archive.

Continue reading