WinStar Hotel and Casino, known as the world’s largest casino, suffered a major data breach. The breach stemmed from an exposed database linked to its mobile app, My WinStar, which is developed by the Nevada-based software startup Dexiga.
The exposed database was discovered by security researcher Anurag Sen, who found it accessible to anyone with its public IP address. This database contained sensitive customer information, including full names, phone numbers, email addresses, home addresses, gender, and the IP addresses of users’ devices.
Although some data, like dates of birth, were redacted, the lack of encryption raised serious concerns.
TechCrunch, after being alerted to the breach, conducted an investigation and confirmed the findings. They even tested the app by signing up with a controlled phone number, which immediately appeared in the exposed database, confirming its connection to the My WinStar app.
Upon contact, Dexiga’s founder, Rajini Jayaseelan, acknowledged the breach and claimed the database contained only publicly available information. However, the nature of the exposed data suggests otherwise. Dexiga attributed the incident to a log migration process in January but did not specify when the database became exposed.
The database, containing rolling daily logs dating back to January 26, was secured shortly after TechCrunch’s intervention. However, Dexiga has not confirmed whether it has the means to determine if anyone else accessed the database during its exposure. It also did not clarify whether it has notified WinStar or the affected customers about the breach.
This incident highlights the growing concerns around data security and the responsibility of companies to safeguard customer information. As investigations continue, the full extent of the breach and its implications for WinStar’s customers remain to be seen.