UPDATED 21:41 EDT / JANUARY 26 2021

SECURITY

VIP Games exposes user data through unsecured Elasticsearch server

Casual gaming provider VIP Games has suffered a data breach, exposing millions of records relating to users of the service.

VIP Games, owned by a game development studio called Casualino JSC, has 20,000 active daily players and includes popular games such as Hearts, Crazy Eights, Euchre, Rummy, Dominoes, Backgammon, Ludo and Yatzy. The Android app for the site has been downloaded more than 100,000 times on Google Play.

Discovered and publicized today security researchers at WizCase, the 30-gigabyte database was found to contain more than 66,000 user profiles and 23 million records. The exposed data included usernames, emails, device details, IP addresses, hashed passwords, Facebook IDs, Twitter IDs, Google IDs, in-game transaction details, bets and details regarding banned players.

The hashed passwords were also encrypted with the Bcrypt algorithm using 10 rounds. Although that can take some effort to crack, it can be done.

The database was exposed to all and sundry on a misconfigured Elasticsearch server. VIP Games was contacted and warned of the database being exposed so it could secure it prior to the exposure being made public.

The researchers warn that the user data could be utilized for a variety of nefarious purposes including identity theft and fraud, a password breach, scams, phishing, malware and blackmail. The suggestion of blackmail stands out: Researchers suggested that the inclusion of banned user details could be used for extortion or revenge. Examples include a player who was banned for possible pedophile behavior being tricked into a physical meeting with vigilantes or a user banned for exhibitionism could be threatened with exposure.

“When a breach like this occurs, an unsecured server is almost always the reason — especially an Elasticsearch server,” Chris DeRamus, vice president of technology at cybersecurity and compliance solution provider Rapid7 Inc.’s Cloud Security Practice, told SiliconANGLE. “The software-defined nature of the cloud leads to frequent changes and it is important that organizations implement a continuous and automated cloud security strategy in order to detect and remediate threats such as misconfigurations and compliance violations in real time.”

The incident illustrates the importance of automating remediation processes to prevent unintended gaps in security, DeRamus explained. “Automated cloud security solutions can grant organizations the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or even trigger automated remediation in real-time, so that databases and other assets never have the opportunity to be exposed, even temporarily,” he said.

Ami Luttwak, co-founder and chief technology officer of cloud security company Wiz Inc., noted that cloud exposure is still the top cybersecurity risk for many companies.

“It is a much bigger likelihood that a company will find its data accidentally exposed than that a state threat actor will target them,” Luttwak said. “Cloud is complex and ever-changing, and it is very easy to make a mistake. Before you realize you have something exposed or misconfigured, your data might already be out the door.”

Image: VIPGames

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU