The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers’ private information to the open web.
Oklahoma-based WinStar bills itself as the “world’s biggest casino” by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings.
The app is developed by a Nevada software startup called Dexiga.
The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser.
Dexiga took the database offline after TechCrunch alerted the company to the security lapse.
Anurag Sen, a good-faith security researcher who has a knack for discovering inadvertently exposed sensitive data on the internet, found the database containing personal information, but it was initially unclear who the database belonged to.
Sen said the personal data included full names, phone numbers, email addresses and home addresses. Sen shared details of the exposed database with TechCrunch to help identify its owner and disclose the security lapse.
TechCrunch examined some of the exposed data and verified Sen’s finding. The database also contained an individual’s gender and the IP address of the user’s device, TechCrunch found.
None of the data was encrypted, though some sensitive data — such as a person’s date of birth — was redacted and replaced with asterisks.
A review of the exposed data by TechCrunch found an internal user account and password associated with Dexiga founder Rajini Jayaseelan.
Dexiga’s website says its tech platform powers the My WinStar app.
To confirm the source of the suspected spill, TechCrunch downloaded and installed the My WinStar app on an Android device and signed up using a phone number controlled by TechCrunch. That phone number instantly appeared in the exposed database, confirming that the database was linked to the My WinStar app.
TechCrunch contacted Jayaseelan and shared the IP address of the exposed database. The database became inaccessible a short time after.
In an email, Jayaseelan said Dexiga secured the database but claimed the database contained “publicly available information” and that no sensitive data was exposed.
Dexiga said the incident resulted from a log migration in January. Dexiga did not provide a specific date when the database became exposed. The exposed database contained rolling daily logs dating back to January 26 at the time it was secured.
Jayaseelan would not say if Dexiga has the technical means, such as access logs, to determine if anyone else accessed the database while it was exposed to the internet. Jayaseelan also would not say if Dexiga has notified WinStar of the security lapse, or if Dexiga would inform affected customers that their information was exposed. It is not immediately known how many individuals had personal data exposed by the data spill.
“We are further investigating the incident, continue to monitor our IT systems, and will take necessary future actions accordingly,” Dexiga said in response.
WinStar’s general manager Jack Parkinson did not respond to TechCrunch’s email requesting comment.