美国多个赌博网站泄露 1.08 亿条信息 包括支付卡资料

网络安全研究人员贾斯汀·潘恩（Justin Paine）说，这些信息是从ElasticSearch服务器泄露的，并在网上流传，不需要密码就能获得。


ElasticSearch是一个搜索引擎，企业喜欢用它来改进自有网络App的数据索引和搜索功能。一般来说这样的搜索引擎会装在内部网络，用来处理公司机密信息，信息不会泄露在网上。

上周，潘恩发现一些敏感信息，这些信息来自在线赌博门户网站。虽然开放的服务器只有一台，但是里面的数据相当庞大，来自数个网络域名。

经过一番分析，潘恩认定这些域名全都用来运营网络赌场，用户可以下注参与。潘恩发现总计大约有1.08亿条记录曝光，里面有押注、获胜、存款、取款信息。在存款和取款信息里还有支付卡资料。

该新闻译自https://www.zdnet.com/article/online-casino-group-leaks-information-on-108-million-bets-including-user-details/
这里是原文的Update:
January 22: A Mountberg Limited spokesperson has replied to ZDNet's request for comment with the following statement:

I would like to start by thanking Justin Paine not only for identifying the issue, but also for attempting to assist us in resolving it. This discovery of his, enabled us to take prompt action to secure our clients information avoiding any potential data spread. We are also grateful that it was Justin to discover this through his extensive expertise, as opposed to any other parties with less integrity and potential malicious intentions. Through this we were able to act in time and avoid sensitive data to be exposed or leaked further.

This event is one that should benefit both our company and the iGaming industry as a whole in the future. We work in a dynamic and ever changing technological environment that is progressing at a rapid rate. Cyber Security is a vital element of every online company in this current technological paradigm and we pride ourselves as being at the forefront of technological developments. The identification of this issue has allowed our company reassess the nature of our security protocols and procedures and we feel that, in the longer term having this occur will only strengthen our defences against such instances in the future. Furthermore, this should ensure that ourselves and other industry players can learn together and adapt our best practices and principles when it comes to situations with tangible risk. We see every identified, and unidentified, problem is an opportunity to grow.