A Nevada software startup, which powers the world’s largest casino, has been found to have left one of its databases exposed to the internet without a password. The database belonged to Dexiga, the startup behind My WinStar, an application used by the WinStar World Casino and Resort in Thackerville, Oklahoma.

My WinStar is a self-service application that also functions as a loyalty program for hotel guests at the casino resort. Using the app, visitors can access various benefits, including loyalty rewards points.

Last week, TechCrunch uncovered details regarding the exposed database, which contained customers’ private information such as names, emails, home addresses, phone numbers, and dates of birth. Security researcher Anurag Sen discovered the exposed database and contacted TechCrunch to help bring attention to the issue.

Once TechCrunch identified the data as belonging to Dexiga, they contacted the software company, and access to the database was discontinued shortly after. Dexiga claimed that the information in the database was “publicly available” and denied that any sensitive personal information had been exposed. It was unclear whether the company had tools to track who accessed the database while it was available online without a password.

In a related development, cybersecurity expert Dan Lohrmann warned about the dangers of cyberattacks for casinos, stating that gambling operators who fall victim to such attacks may be subject to further attacks unless proper action is taken. He emphasized the importance of implementing changes to cybersecurity policies even if a ransom is paid to settle a cyberattack.

The incident serves as a reminder of the potential risks associated with leaving databases exposed to the internet, particularly when they contain sensitive customer information. It also underscores the need for robust cybersecurity measures in the gaming and entertainment industry.

By admin