En
En
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
Data protection and classification
Access rights audit
User activity audit, investigation
Compliance
Use case: access control and change management
Use case: user behavior and insider detection
Use case: eDiscovery
Use case: file cleanup
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact us
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact Us
Book a return call
HomeBlogOnline Casino Leaked Data and Marketing Agency Fined for Last Year's Incident
BACK TO BLOG LIST
Online Casino Leaked Data and Marketing Agency Fined for Last Year's Incident
22.11.2023

Today we report on two more recent information security incidents.

Let’s start with the case of Ascentis, the developer of an e-commerce platform owned by Starbucks, which was fined S$10,000 for failing to appropriately protect confidential information. 

The company was fined for the leak, which occurred in September 2022. At that time, approximately 333,000 members of Starbucks' loyalty program, My Starbucks Rewards, were affected by the incident. Membership information, including: 

  • Full names 
  • Dates of birth 
  • Mobile phone numbers  
  • Email addresses 

was offered for sale on the Darknet.

How the incident happened: The Ascentis have contracted the Vienam-based company Kyanon Digital to get assistance. The employees of Kyanon had accounts with full administrative privileges, which, among other, enabled employees to export data from the platform. As it was revealed, there was an employee, who had worked for Kyanon Digital and left the company. His account credentials were handed over to some other employees via a shared Google Sheet. The former employee’s account wasn’t disabled. The employees changed the former employee account’s password and updated it in the Google Sheet. Lately, a malicious actor gained access to the unblocked account and used it to obtain and steal the confidential data.

The Personal Data Protection Commission in its judgement stated that the amount of fine was based on marketing agency's active cooperation in the investigation and its prompt action to remedy the breach.

The second incident resulted in a large amount of customers’ personal information being publicly available for several months.

Strendus, a Mexican online casino, exposed 85GB of confidential players’ data. The open instance also contained data from another online casino, MustangMoney.

The following casino player details were exposed in the incident:

  • Usernames
  • Full Names
  • Government ID numbers (CURP)
  • Phone numbers
  • Email addresses
  • Home addresses
  • Dates of Birth
  • Deposit amounts and withdrawal amounts
  • IP addresses used to register for an account and log in.

For now it is not known exactly how the data ended up in the public domain. Cyber security researchers Cybernews, who discovered the leak, suggested that the data became publicly available as a result of unauthorised access to the logs. The researchers also claim that they discovered the leak on 7 April 2023, after which they immediately alerted the company.  However, the data remained publicly available until mid-October.

As technology advances, attackers are becoming more sophisticated. Deepfakes are a perfect example of this. We recently discussed how deepfakes are created and how they can be used fraudulently.

BACK TO BLOG LIST
Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.
Products and Services
FileAuditor
DLP
Risk Monitor
ProfileCenter
SIEM
MSSP
Cloud Deployment
Company
Contact
About Our Company
Company Portfolio
Our Clients
Press About Us
Press Kit
Resources
White Papers
Third-party integration
Research
Practices and use cases
Videos
News
Company News
Product News
Events
Blog
Challenges
Compliance
Data Loss Prevention
Investigation
Data at Rest Discovery
Data Encryption
Data Visibility
Data Classification and Protection
Data at Rest Discovery
Time Tracking and Employee
Monitoring
Corporate Fraud Mitigation
Roles
C-level executive
Risk manager
Internal audit officer
Compliance manager
Information security analyst
Chief Human Resources Officer
Industries
Business Services
Education
Financial Services
Government
Insurance
Manufacturing
Healthcare
Retail
Energy
Hospitality
Construction
Partners
Become a partner
Partner login
SearchInform products are recognized by
Gartner The Radicati Group
Follow us:
© 2024 SearchInform LTD All rights reserved.
Terms of Use
Licence
Privacy&Cookies