Exposed Database Spills Customers’ Private Information at WinStar Casino Resort’s App Developer
The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers’ private information to the open web. The app is developed by a Nevada software startup called Dexiga. The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser. Dexiga took the database offline after TechCrunch alerted the company to the security lapse.
Sensitive Customer Data Left Unencrypted and Exposed in Dexiga’s Database
Anurag Sen, a good-faith security researcher, found the exposed database containing personal information, which included full names, phone numbers, email addresses, home addresses, and the IP address of the user’s device. A review of the exposed data verified Sen’s findings and also revealed an internal user account and password associated with Dexiga’s founder. None of the data was encrypted, though some sensitive data, like a person’s date of birth, was redacted and replaced with asterisks.
Dexiga Claims Only “Publicly Available Information” Exposed
Dexiga’s founder, Rajini Jayaseelan, claimed that the database contained “publicly available information” and that no sensitive data was exposed. Dexiga said the incident resulted from a log migration in January and did not provide a specific date when the database became exposed. It is not immediately known how many individuals had personal data exposed by the data spill.
Dexiga Under Investigation as Company Claims to Secure Database
Jayaseelan would not confirm if Dexiga has the means to determine if anyone else accessed the database while it was exposed. Jayaseelan also did not disclose if Dexiga has notified WinStar or affected customers about the security breach. Dexiga stated that they are further investigating the incident, monitoring their IT systems, and will take necessary actions accordingly.
WinStar Casino Resort’s General Manager Remains Silent on Data Leak
WinStar’s general manager, Jack Parkinson, did not respond to TechCrunch’s emails requesting comment on the incident. The casino resort, known as the “world’s biggest casino”, offers the My WinStar app, which allows guests to access various self-service options, rewards points, loyalty benefits, and casino winnings. It is uncertain how the data leak will impact WinStar’s reputation and customer trust in the casino resort.
Analyst comment
Negative news. As an analyst, the market will likely react negatively to this news in the short term. The data breach raises concerns about privacy and security, which could impact customer trust in both Dexiga and WinStar. Dexiga’s reputation and profitability may suffer as a result, while WinStar may face potential damages to its reputation and a decline in customer trust.
