‘World’s biggest casino’ app exposed customers’ personal data


A security lapse exposed WinStar casino app users’ data. Dexiga, the app developer, left a database unprotected, revealing names, phone numbers, addresses, and more. The issue is under investigation.

AT A GLANCE

Security Breach: Startup Dexiga, creator of casino app My WinStar, exposed a database with sensitive customer info, including names, phone numbers, and addresses.

Wide Open Access: Dexiga’s logging database lacked a password, allowing anyone with the IP address to view WinStar customer data through a web browser.

Scope of Data: The exposed data included full names, phone numbers, email addresses, home addresses, gender, and device IP addresses.

Encryption Gap: None of the data was encrypted, and while some sensitive info was redacted, like birthdates, the overall lack of encryption posed a security risk.

Startup Connection: The exposed database had login credentials linked to Dexiga founder Rajini Jayaseelan, confirming the app’s developer as the source.

Confirmation Test: TechCrunch verified the link by signing up on the My WinStar app, instantly seeing the provided phone number in the exposed database.

Startup Response: Dexiga, after being alerted, secured the database but claimed it contained only “publicly available information,” raising concerns about the extent of sensitive data exposure.
Data Breach Hits WinStar’s My WinStar App Developed by Dexiga (Image: Tripadvisor)

Security Lapse Exposes WinStar Casino App Users’ Private Information

In a recent security lapse, an unprotected database belonging to the My WinStar app, developed by Nevada-based startup Dexiga for the renowned casino resort giant WinStar, has exposed sensitive customer information to the open web.

Background: WinStar, the World’s Biggest Casino

WinStar, based in Oklahoma, proudly touts itself as the “world’s biggest casino” based on square footage. Alongside its extravagant casino offerings, WinStar provides an app called My WinStar, developed by Dexiga, allowing guests to manage their hotel stay, access rewards points, loyalty benefits, and view casino winnings.

The Exposure: A Database Left Unprotected

Dexiga, in a critical oversight, left one of its logging databases unprotected on the internet, accessible without a password. This lapse allowed anyone with knowledge of its public IP address to freely access and peruse the personal data of WinStar customers using just a web browser.

Security researcher Anurag Sen discovered the exposed database, which included full names, phone numbers, email addresses, home addresses, gender information, and even the IP addresses of users’ devices. Disturbingly, the data was found to be unencrypted, although certain sensitive information, such as dates of birth, was redacted.

TechCrunch independently verified Sen’s findings and discovered an internal user account and password associated with Dexiga founder Rajini Jayaseelan. Dexiga’s website confirms that its tech platform powers the My WinStar app.

Security Response and Clarifications from Dexiga

Upon being alerted by TechCrunch, Dexiga promptly took the exposed database offline. In an email response, Jayaseelan claimed that the database only contained “publicly available information” and asserted that no sensitive data was compromised. Dexiga attributed the incident to a log migration that occurred in January but did not specify when the database became exposed.

Dexiga’s founder did not disclose whether the company has the technical capability to track if other unauthorized parties accessed the database during its exposure. Furthermore, there is no information on whether Dexiga has informed WinStar about the security lapse or if affected customers will be notified of the data exposure. The extent of the impact on the number of individuals affected remains unknown.

Verification and Confirmation: My WinStar App Link Established

To confirm the source of the exposed data, TechCrunch went a step further and downloaded the My WinStar app on an Android device, signing up using a phone number controlled by the publication. Almost instantly, this phone number appeared in the exposed database, conclusively linking the database to the My WinStar app.

As of now, Dexiga is investigating the incident and states that they are actively monitoring their IT systems. However, they have not provided details on the specific actions they plan to take in response to the security lapse. WinStar’s general manager, Jack Parkinson, has not responded to TechCrunch’s emails seeking comments on the matter.

Source: TechCrunch
The information above is curated from reliable sources and modified for clarity. Slash Insider is not responsible for its completeness or accuracy. We strive to deliver reliable articles but encourage readers to verify details independently.
