Exploit: Unsecured Database
T7 Games/Ouroboros Games: Gambling Games Application Developer
Risk to Small Business: 1.217 = Extreme
The world’s most popular social gambling app Clubillion suffered a major data breach that affects customers around the world. A research team initially discovered the problem on March 19, finding the database hosted on Amazon Web Services during the course of working on a web mapping project. The developers of Clubillion were notified by the researchers quickly, but continued inaction exposed approximately 200 million user records per day – 50GB worth of data. The active database included constantly updated gameplay information for affected users as well as IP addresses, e-mail addresses, winnings, and private messages. The database was recorded as open for 16 days before action was taken to contain the leak.
Individual Risk: 2.219 = Severe
While researchers did not see any personally identifying or financial information in the affected database, the complexity of the breach prevents certainty about exactly what was leaked. Users of the app should be aware of potential phishing attacks fueled by this data.
Customers Impacted: 160,000+
How it Could Affect Your Customers’ Business: Staffers aren’t just using their favorite apps and services on their personal phones and computers – they’re doing it on their work machines too. As companies continue to adopt “Bring Your Own Device” policies and the work/personal line gets murkier for staffers, companies have to be concerned about the potential for danger caused by breaches in entertainment and social media apps.