Connect with us

Latest News

Popular Gambling App Exposed Millions of Users in Massive Data Leak

Published

6 years ago

on

Reading Time: 5 minutes

 

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8 star on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries continued to appear continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Within many of these records, were various forms of user Personally Identifiable Information (PII) data, including:

  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungry, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Impact on Clubillion and it’s Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

 

Source

Powered by WPeMatico

Related Topics:
Continue Reading
Advertisement

Brazil

Brazil advances integrity agenda amid strong market growth

Published

3 days ago

on

April 3, 2026

By

brazil-advances-integrity-agenda-amid-strong-market-growth

Brazil’s regulated betting market continues to gain structure and momentum, as the country balances regulatory consolidation, integrity safeguards, and commercial growth.

Over the past week, key developments, from federal policy implementation to strategic partnerships and product innovation, highlight how the ecosystem is maturing ahead of major global sporting events.

Government launches national policy to combat match-fixing

A major regulatory milestone was reached with the creation of the National Policy for the Prevention and Combating of Sports Manipulation (PNPEMR). Established through a joint ordinance by the Ministries of Sports, Finance, and Justice, the policy introduces a comprehensive national framework designed to address integrity risks in sports.

The initiative is structured around four central pillars: regulation, prevention, monitoring and enforcement, aiming to protect the credibility and unpredictability of sporting competitions in Brazil.

The policy emphasizes interinstitutional cooperation, bringing together public authorities, sports organizations, betting operators and international bodies.

Among its key measures are:

  • Standardization of reporting flows for suspicious betting activity
  • Continuous education programs for athletes, referees and sports officials
  • Protection mechanisms for whistleblowers
  • Strengthening of criminal investigations targeting organized match-fixing networks

Under the framework, the Ministry of Sports will coordinate implementation, while the Ministry of Finance will oversee betting regulation and operator compliance. The Ministry of Justice and Public Security, alongside the Federal Police, will lead intelligence-sharing and enforcement efforts, particularly in cases with interstate or international scope. See DOU

A multi-stakeholder governance committee will be responsible for monitoring progress and proposing adjustments, ensuring that the policy evolves alongside the market.

This move reinforces Brazil’s intention to align regulatory oversight with global integrity standards, particularly relevant as the country prepares for high-volume betting scenarios during major international competitions.

Sportradar expands iGaming strategy with Playradar launch

On the corporate front, Sportradar announced the launch of Playradar, a new brand dedicated to its iGaming vertical, signaling a strategic shift toward more integrated and immersive betting experiences.

The new offering is built around hybrid gaming concepts, combining real-time and historical sports data with live streaming and casino content.

Among the key features is a 24/7 live experience hub, where users can engage simultaneously with sports events and interactive gaming formats.

The initiative will be led by Edo Haitin, a seasoned executive with over two decades of experience in live gaming and product development.

The company plans to roll out Playradar starting in 2026, initially targeting regulated markets in the UK, North America and Latin America.

According to CEO Carsten Koerl, the move represents a natural evolution of the company’s capabilities, leveraging its existing infrastructure in data, streaming and user behavior analytics to enhance engagement and monetization across the player lifecycle.

Haitin also emphasized the strategic vision behind the launch, highlighting the ability to combine technology and content in line with evolving market demands, particularly as operators look for differentiated and immersive user experiences.

Importantly, Playradar will operate exclusively in regulated environments, maintaining a strong focus on responsible gaming and integrity, aligning with broader industry and regulatory trends.

Playson strengthens Brazilian footprint through Betnacional partnership

Further reinforcing Brazil’s position as a high-growth market, Playson expanded its regional presence through a new partnership with Betnacional, a leading local operator owned by Flutter Entertainment.

The agreement will see a portfolio of Playson’s top-performing titles integrated into Betnacional’s platform, including 4 Pots Riches, Diamonds Power, and Sugar Teddy x1000, all recognized for their strong performance in regulated markets and engaging gameplay mechanics such as Hold and Win.

The partnership reflects a broader industry trend toward localization and mobile-first strategies, as operators seek to better align content with regional player preferences.

Cristhian Zito, Head of LatAm at Playson, highlighted the strategic importance of the deal:

Partnering with Betnacional is an important milestone for us in Brazil. It is a highly respected local brand with a deep understanding of its audience, and we are confident our content will resonate strongly with its players.

This launch further strengthens our position in the market and reflects our commitment to delivering engaging, high-performing games to operators across Latin America.”

From the operator’s perspective, Frederico Cunha, Head of Commercial at Betnacional, also emphasized the value of the collaboration:

We are delighted to welcome Playson’s portfolio to Betnacional. Their games are recognised for their quality, strong mechanics, and consistent performance, making them a valuable addition to our offering.

We look forward to working closely together and bringing an enhanced entertainment experience to our players.”

A market balancing integrity and growth

Taken together, this week’s developments illustrate a clear dual trajectory in Brazil’s betting sector: strengthening institutional and integrity frameworks while simultaneously attracting investment, innovation and international partnerships.

As regulatory structures become more sophisticated and collaboration between stakeholders deepens, Brazil is positioning itself not only as a compliant and secure market, but also as a central hub for growth in Latin America’s gaming industry.

SportyBet appoints DJ Khaled as global ambassador to expand connection between sports, culture and entertainment

SportyBet has announced DJ Khaled as its new global ambassador, strengthening its positioning at the intersection of sports, music, and contemporary culture.

He joins a global roster that includes José Mourinho and Éder Militão, reinforcing the company’s strategy of connecting with audiences through entertainment. The partnership will roll out across key markets such as Brazil, the United States, Mexico, and parts of Africa, supporting SportyBet’s expansion as an experience-driven platform.

According to Elias Gallego, Vice President of Sporty Group, the collaboration reflects the company’s focus on partnering with culturally relevant figures to engage diverse audiences, particularly in markets like Brazil where sports and lifestyle are closely linked.

Deeper push into music and entertainment

The move also signals a broader effort by Sporty Group to integrate music into its entertainment ecosystem. Earlier this year, the company partnered with Burna Boy on the “For Everybody” project, blending music, football, and global culture.

In this context, DJ Khaled’s appointment further strengthens a strategy centered on storytelling and fan engagement, especially in regions where sports and music are deeply connected.

Global mindset and brand evolution

DJ Khaled highlighted the shared vision behind the partnership, emphasizing mindset, authenticity, and global connection with fans.

The agreement reinforces SportyBet’s evolution beyond sports betting, positioning the brand within a broader entertainment ecosystem. In Brazil, it aligns with the company’s ongoing growth and its focus on delivering integrated experiences that combine content, culture, and user engagement.

The post Brazil advances integrity agenda amid strong market growth appeared first on Americas iGaming & Sports Betting News.

Continue Reading

affiliate automation

ReferOn Shortlisted for “Best Affiliate Software 2026” at SiGMA Awards South America

Published

3 days ago

on

April 3, 2026

By

referon-shortlisted-for-“best-affiliate-software-2026”-at-sigma-awards-south-america

ReferOn, the next-generation affiliate management platform, has been shortlisted for the “Best Affiliate Software 2026” category at the upcoming SiGMA Awards South America.

The nomination recognises ReferOn’s continued growth and the platform’s ability to support operators with scalable, transparent, and efficient affiliate management solutions in increasingly complex markets.

ReferOn has become a trusted foundation for businesses worldwide looking to scale their operations. With rapid adoption across the globe, the platform is now the go-to choice for companies that need to scale quickly and reliably. Because the platform handles large volumes of data with ease, it is a vital tool for teams that need speed and precision. In such a competitive market, we provide the accuracy and simplicity required to stay ahead, allowing our users to focus on their goals without the technical stress.

A New Chapter: The Era of “Refie”

This nomination arrives at a defining moment for the company, after the 2025 launch of Refie, the latest evolution of ReferOn. We have humanized B2B software with Refie, an integrated assistant that acts as a helpful navigation layer for our users. This milestone completely removed the struggle of getting started on the platform by visually guiding people through complex steps, making sure everyone can find their way without any stress or confusion.

Refie transforms repetitive daily tasks into an engaging experience that actively minimizes human error. It was specifically designed to eliminate the manual bottlenecks affiliate managers have traditionally faced, making their daily operations much faster and more efficient.

Alex Bukin, General Manager at ReferOn, commented: “Being shortlisted for the SiGMA Awards South America is a strong recognition of the progress our team has made. We are focused on building technology that simplifies affiliate management and gives operators clearer, faster access to the data they need to grow. With Refie and our upcoming developments, we’re continuing to move in that direction”.

Ambitious Plans for 2026

In 2026, ReferOn will upgrade Refie with sophisticated gamification to boost user engagement and streamline daily tasks for affiliate managers. These updates will introduce personalized, smart features, establishing a new industry benchmark for affiliate technology.

Cast Your Vote

We invite all industry peers and partners to support the work we’re doing. If you are a registered delegate attending SiGMA South America 2026, your voice matters.

  • Award Category: Best Affiliate Software 2026
  • How to Vote: Voting is open exclusively to delegates who hold valid event tickets. Please visit the official SiGMA Awards portal to cast your vote for ReferOn.

The post ReferOn Shortlisted for “Best Affiliate Software 2026” at SiGMA Awards South America appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.

Continue Reading

Latest News

ELA Games Contributes to Discussions on Scalable iGaming Ecosystems and Studio Innovation at HIPTHER Prague Summit

Published

3 days ago

on

April 3, 2026

By

ela-games-contributes-to-discussions-on-scalable-igaming-ecosystems-and-studio-innovation-at-hipther-prague-summit

ELA Games recently took the stage at the HIPTHER Prague Summit, joining top industry leaders to discuss the rapidly evolving landscape of the iGaming sector. Represented by Yaroslav Soloshenko, Head of Business Development, the studio participated in a forward-looking panel focused on building a more scalable iGaming ecosystem and advancing game innovation for 2026 and beyond.

Rather than just looking at incremental changes, the panel challenged speakers to envision an ideal, universal platform of the future before tackling everyday industry challenges. From there, the conversation shifted to real-world strategies, exploring how enhanced operator-supplier collaboration, gamification, and advanced platform architecture will shape the next generation of iGaming.

One focus of the session was the ongoing evolution of game development and distribution. The group highlighted the necessity of building bespoke, trust-based relationships with operators to secure the best visibility in increasingly crowded game libraries. Tied to this was the critical importance of early operator feedback and MVP (Minimum Viable Product) testing, with panelists noting that smaller studios often have a distinct advantage in implementing operator-driven changes faster than larger competitors.

The topic of artificial intelligence was also raised, with the point made that some studios already have proof-of-concept for fully AI-generated slots. This led the panelists to tackle the relationship between AI and traditional game design, weighing the balance between mass-produced, AI-generated content and the slower, human-led craftsmanship required to build higher-value games.

Addressing the realities of market distribution, the panel discussed how operators are becoming much stricter about the number of games they release to prevent market oversaturation. They also examined how rigorous testing rules in regulated regions can significantly delay product launches. Weighing in on these challenges, Soloshenko brought ELA Games’ forward-thinking perspective to the table, advocating for the ideal of a single global license to reduce regulatory barriers and accelerate market entry.

During the session, Soloshenko emphasized the necessity of uniting departments to achieve complete, A-to-B game design. He stressed the fundamental alignment required between product and business teams, noting that because the business division operates on the frontline of the market—tracking industry changes and operator demands—they must actively help guide the product’s direction. To achieve this, he advocated for transitioning away from a factory-line style of production in favor of a “boutique” approach, where all teams collaborate intimately from the initial project kick-off all the way to release day.

“Participating in the HIPTHER Prague Summit gave us a great opportunity to explore how development strategies must adapt to current industry realities,” said Yaroslav Soloshenko, Head of Business Development at ELA Games. “The foundation of our approach is continuous collaboration, both internally and externally. By working as closely as possible with operators to share early MVPs, we gather invaluable feedback. When those insights are handed directly to a unified development team, it allows us to consistently develop titles crafted exactly for what the market needs at any given time.”

Being a part of these high-level industry talks is part of ELA Games’ strategy to remain closely aligned with operator needs and player expectations as the market evolves.

Play the demo and other games here: www.elagames.com/our-games

The post ELA Games Contributes to Discussions on Scalable iGaming Ecosystems and Studio Innovation at HIPTHER Prague Summit appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.

Continue Reading

Trending

Get it on Google Play

Fresh slot games releases by the top brands of the industry. We provide you with the latest news straight from the entertainment industries.

The platform also hosts industry-relevant webinars, and provides detailed reports, making it a one-stop resource for anyone seeking information about operators, suppliers, regulators, and professional services in the European gaming market. The portal's primary goal is to keep its extensive reader base updated on the latest happenings, trends, and developments within the gaming and gambling sector, with an emphasis on the European market while also covering pertinent global news. It's an indispensable resource for gaming professionals, operators, and enthusiasts alike.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2024 - Recent Slot Releases is part of HIPTHER Agency. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania