Latest News
Popular Gambling App Exposed Millions of Users in Massive Data Leak
Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.
The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.
Aside from leaking activity on the app, the breached database also exposed private user information.
With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.
Company Profile
Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.
Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8 star on both.
Timeline of Discovery and Owner Reaction
Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.
Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.
In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.
Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.
- Date discovered: 19th March 2020
- Date vendors contacted: 23rd March 2020
- Date of contact with AWS: 31st March 2020
- Date of Action: Approx. 5th April 2020
Example of Entries in the Database
Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:
- “enter game”
- “win”
- “lose”
- “update account”
- “create account”
During our investigation of the database, new entries continued to appear continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.
In total, this amounted to over 50GB of exposed records in the database every single day.
Within many of these records, were various forms of user Personally Identifiable Information (PII) data, including:
- IP addresses
- Email addresses
- Winnings
- Private messages
This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:
- USA – 10,000+
- UK – 2,475+
- France – 1,650+
- Israel – 408+
- Germany – 1,582+
- Spain – 1,026+
- Italy – 2,407+
- Netherlands – 622+
- Australia – 6,251+
- Canada – 7,792+
- Brazil – 3,859+
- Sweden – 191+
- Russia – 547+
Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungry, and Latvia.
As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.
Data Breach Impact
Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.
Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.
One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.
Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.
With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.
With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:
- Trick them into providing their credit card details
- Trick them into providing additional PII to be used against them in further fraud
- Clicking a link that embeds malware, spyware, or ransomware onto their device.
If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.
Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.
Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.
Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.
Impact on Clubillion and it’s Developers
The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.
With fewer players, Clubillion will lose advertising revenue and reduced profits.
As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.
Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.
Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.
Advice from the Experts
Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:
- Securing their servers.
- Implementing proper access rules.
- Never leaving a system that doesn’t require authentication open to the internet.
Any company can replicate the same steps, no matter its size.
For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.
For Clubillion Users
If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.
To learn about data vulnerabilities in general, read our complete guide to online privacy.
It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.
How and Why We Discovered the Breach
The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.
Our team was able to access this database because it was completely unsecured and unencrypted.
Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.
As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.
These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.
The purpose of this web mapping project is to help make the internet safer for all users.
Powered by WPeMatico
Â
Here are this weeks latest slots releases compiled by European Gaming
Spinomenal has released its latest title, Queen of Oasis. Set against the rolling ancient Egyptian dunes and lush, palm-lined oases, Queen of Oasis immerses players in an elegant world of riches. Camels, vultures, antelopes, snakes, and the powerful Queen herself bring this 5-reel slot to life. The reels sit within two ornate marble pillars where the bejewelled Queen represents the Wild symbol.
TaDa Gaming has released Golden Bank 2, a sequel to the popular Golden Bank slot. With a 10,000x max win and exciting features, Golden Bank 2 engage players with its immersive gameplay and the potential for substantial payouts. Set in a golden vault, Golden Bank 2 combines the simplicity of classic slots with the thrill of modern mechanics. With vibrant graphics and a dynamic soundtrack, the game immerses players in an exciting, high-stakes atmosphere.
Evoplay has launched Belfry Bliss Hold and Win, a fiery 5Ă3 slot that blends retro-inspired visuals with a darker twist on the fan-favourite Hold and Win mechanic. Set against a backdrop of flames and ringing bells, the game reintroduces Evoplayâs mischievous Devil character, not as a foe, but as a Wild symbol, lighting the way to potential wins. Classic slot icons like sevens, bars and cherries return, but the real action begins when the bells drop.
Brute Force: Alien Onslaught reunites the original Brute Force members⊠with a surprise addition. Joshua and Jason have recruited the help of Jade, a fearless mercenary, who doesnât know defeat. This game joins the ranks of signature Nolimit City slots like Fire In The Hole 3, Highway To Hell and most recently Flight Mode. Itâs time to lock and load, once again! Unlike the prequel, Brute Force: Alien Onslaught features a 6 reel setup, wilds and a new baddie, Xylox, who can steal multipliers from Joshua, Jason and Jade.
Push Gaming has returned to the deep blue with Fish ânâ Nudge Big Catch, a reimagined follow-up to one of its most beloved recent titles. Building on the charm and success of the originalFish ânâ Nudge, Big Catch brings fresh energy to the series with a new take on free spins and added layers of excitement designed to engage both loyal fans and new players.
Â
Playân GO unveils Rise of Orpheus, a mythical slot that takes players deep into the Underworld in pursuit of love, light, and powerful gameplay features. Following in the footsteps of mythology-inspired favourites like Gates of Troy and Rise of Olympus, Rise of Orpheus brings the tragic tale of Orpheus and Eurydice to life through emotionally charged mechanics and immersive storytelling.
Playson welcomes the return of its mischievous trickster in Super Pink Joker: Hold and Win, who features as a Wild during base play before shapeshifting into a lavish Multiplier for the renowned Hold and Win Bonus. Set in a dazzling pink world full of energy, the release cranks up the heat with dynamic animations and upbeat audio, with the jester taking his place on the enlarged 5Ă3 grid alongside electrified coins and cartoon-style fruits.
Blueprint Gamingâą reignites the prehistoric fun in its latest major branded IP release, The Flintstonesâą Bedrock Riches, led by two lavish bonus games and an intriguing base play trail. The seriesâ original, The Flintstonesâą, enjoyed a strong initial uptake in users following its launch in May 2024, with players gravitating towards the familiarity of the brand and series. The renowned slot studio now feels confident the latest offering has built on key features and aims to retain players long term.
ELA Games, a dynamic game development studio, announces the release of Johnâs Book, its modern take on timeless themes and mechanics. The game invites players to join John the Explorer to hunt for ancient treasures buried in a Pharaohâs tomb. Rich with iconic symbols and familiar mechanics, Johnâs Book is a tribute to the well-loved âBook OfâŠâ format thatâs prevalent in the industry while adding its twists. With high replayability, easy-to-understand features, and an immersive design, this title appeals to both veteran and casual players.
Players get to dig deeper with every spin as they search for gems and big wins in Wild Gold Mine, the latest slot release for iGaming content provider, ICONIC21. Wild Gold Mine promises a glistening player experience thanks to a cart-load of features, including a unique bonus that makes an appearance for the very first time in an ICONIC21 slot.
âHellish 7 Hold & Winâ, (Höllische 7 Hold & Win in German) is now live, a spicy Classic Series slot from the Berlin-based developer Hölle Games. This is a new summer edition in the Hellish Seven franchise, known for its high volatility, hellishly good payouts, and hard rock riffs. The new entry features Hold & Win, where, if players can fill the reels with (any) cash symbol, they will win the impressive 7777x main prize!
Tom Horn Gaming is kicking off July with Panda Rica, a fast-paced 3Ă3 video slot that delivers simple yet captivating mechanics and vibrant visuals. From expanding wilds and multiplier wins to Star Gamble Ladder, the game is a standout addition to the supplierâs growing portfolio of slot titles. Designed for quick sessions and high engagement, Panda Rica combines classic slot appeal with clever gameplay that elevates the player experience.
Prepare for an unforgettable summer as Endorphina announces the highly anticipated release of Sticky Lips, its latest captivating slot. This visually striking title invites players into a vibrant world where Endorphinaâs Joker makes a remarkable return, blowing irresistible kisses to make their winnings truly stick. Sheâs wild, sheâs wicked â and her lips are ready to stick you with luck! Dare to stare into her eyes in this 5-reel 4-row slot with 50 fixed paylines and prove your worth to get a lucky, juicy kiss. With every spin, her lips glow and tempt, hungry to lock in golden wins.
Â
The post Week 28/2025 slot games releases appeared first on European Gaming Industry News.
Â
All-Cash Transaction Unlocks Significant, Unrealized Value for Boyd Shareholders
Boyd, FanDuel Extend Market-Access Agreements through 2038
Boyd Gaming Corporation announced it has entered into a definitive agreement to sell the Companyâs 5% equity interest in FanDuel Group to Flutter Entertainment plc for cash consideration of $1.755 billion.
The transaction is expected to close in the third quarter of 2025, subject to regulatory approvals. The Company intends to use net proceeds to reduce debt.
Keith Smith, President and Chief Executive Officer of Boyd, said: âThis transaction unlocks the tremendous unrealized value that our investment in FanDuel has created for our Company. As a result, we are in a significantly stronger financial position to continue executing our strategy of investing in our properties, pursuing growth opportunities, returning capital to our shareholders, and maintaining a strong balance sheet.â
In addition to purchasing Boydâs equity interest in FanDuel, Boyd and FanDuel will terminate certain existing market-access agreements between the parties and enter into new agreements to provide, among other things, for an extended term through 2038. The agreements will also provide Boyd with a fixed fee per state from FanDuelâs mobile sports-betting operations in Iowa, Indiana, Kansas, Louisiana and Pennsylvania, as well as FanDuelâs online casino operations in Pennsylvania, upon the close of this transaction.  FanDuel will also continue to operate Boydâs retail sportsbooks outside of Nevada through mid-2026, after which time Boyd will assume responsibility for these operations.
Under terms of the revised market-access agreements with FanDuel, the Company now expects its Online segment will generate $50 million to $55 million in operating income and Adjusted EBITDAR for the full year 2025, and approximately $30 million in 2026.
Smith added: âThe partnership between Boyd and FanDuel has been a remarkable success for both companies. FanDuel has emerged as the nationâs clear leader in online sports-betting, while Boyd has been able to leverage this partnership to profitably participate in the rapid growth of sports betting across the country.  It has been a privilege to work with the Flutter and FanDuel teams, and we look forward to supporting FanDuelâs continued growth and success through our market-access agreements across the country.â
Moelis & Company LLC served as exclusive financial advisor to Boyd Gaming on the transaction.  Morrison & Foerster LLP served as legal advisor to Boyd Gaming on the transaction, with Brownstein Hyatt Farber Schreck, LLP advising on the commercial agreements.
The post BOYD GAMING TO SELL FANDUEL INTEREST FOR $1.755 BILLION appeared first on Gaming and Gambling Industry in the Americas.
Â
Pioneering the next chapter of regulated iGaming in Germany, Spielbanken Bayern and leading live-casino specialist Stakelogic have gone live with brand-new online live casino solutions.
On 28 May 2025, spielbanken-bayern-online.de rolled out a set of Automatic Roulettes. The launch marks the inaugural step in a phased roadmap that will soon see more Roulette and Blackjack.
Bavaria became Germanyâs first state to introduce online live-casino games in April 2024. Since beginning 2025, Spielbanken Bayern has worked hand-in-hand with the Bavarian regulator and Stakelogic to craft a best-in-class solution that combines strict compliance with an engaging, secure, and reputable gaming offering.
Stephan van den Oetelaar, CEO at Stakelogic, added: âIt is both an honour and a privilege to develop further with Spielbanken Bayern on Germanyâs first legal online casino. The timeline was ambitious, but our combined teams delivered. In the coming months, we will continue to optimise and enrich the portfolio with additional premium content.â
This landmark collaboration cements Spielbanken Bayernâs position as Germanyâs online live-casino trail-blazer while underscoring Stakelogicâs reputation for marrying regulatory rigour with next-generation player experiences.
The post Spielbanken Bayern and Stakelogic Launch brand new Live-Casino Offering appeared first on European Gaming Industry News.
-
Central Europe6 days agoChange of Chairmanship in the GGL Board of Directors as of 1 July 2025
-
Canada5 days ago
Hard Rock Hotel & Casino Ottawa Opens with Legendary Guitar Smash and Star-Studded Celebration
-
AGCO5 days agoMIXI Receives AGCO Approval for PointsBet Acquisition
-
BetConnections5 days ago
TaDa Further Strengthens its Presence in Brazil with LatAm Leader Betconnections
-
Eastern Europe5 days ago
Totogaming Joins Cernica Pantelimon RunFest: Not Just Present, But Fully Participating
-
Australia6 days ago
L&GNSW Launches Compliance Campaign
-
Brazil4 days ago
SkillOnNet Expands Nolimit City Partnership to Enter Brazil
-
Balkans4 days ago
BFU and Elitbet Extend Their Partnership Until 2028
