The phone app developed for WinStar, touted as the “world’s biggest casino,” inadvertently exposed customers’ private information due to an unprotected database. Dexiga, the Nevada-based software startup responsible for the app, left a logging database accessible on the internet without a password, potentially compromising users’ sensitive data.
The My WinStar app, developed by Dexiga for the WinStar casino resort, allows guests to manage their hotel stay, access rewards, and view casino winnings.
Dexiga’s logging database, containing personal information like names, phone numbers, emails, and addresses, was left unsecured, accessible with just a web browser.
Security researcher Anurag Sen identified the exposed database, prompting TechCrunch to investigate.
TechCrunch verified the authenticity of the data and traced it back to Dexiga, confirming the source by signing up for the My WinStar app and observing that the phone number it provided appeared immediately in the exposed database.
Dexiga secured the database after being notified by TechCrunch but downplayed the severity of the incident, claiming the exposed data was “publicly available information.”
The startup cited a log migration in January as the cause of the security lapse but did not specify when the database became accessible.
Dexiga did not disclose whether affected customers would be informed or whether WinStar had been notified of the breach.
Dexiga stated it is investigating the incident further and will take necessary actions to address any vulnerabilities in its IT systems.
The extent of the data exposure and the number of affected individuals remain unclear, raising concerns about potential privacy violations.
The exposure of sensitive personal data through the My WinStar app highlights the importance of robust security measures in handling user information. Dexiga’s response and the steps taken to mitigate the breach will be closely monitored as the investigation unfolds.
Source: Adapted from information provided by TechCrunch.