Latest News

Popular Gambling App Exposed Millions of Users in Massive Data Leak

Published

6 years ago

July 8, 2020

Reading Time: 5 minutes

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8 star on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

Date discovered: 19th March 2020

Date vendors contacted: 23rd March 2020

Date of contact with AWS: 31st March 2020

Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

“enter game”
“win”
“lose”
“update account”
“create account”

During our investigation of the database, new entries continued to appear continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Within many of these records, were various forms of user Personally Identifiable Information (PII) data, including:

IP addresses
Email addresses
Winnings
Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

USA – 10,000+
UK – 2,475+
France – 1,650+
Israel – 408+
Germany – 1,582+
Spain – 1,026+
Italy – 2,407+
Netherlands – 622+
Australia – 6,251+
Canada – 7,792+
Brazil – 3,859+
Sweden – 191+
Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungry, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

Trick them into providing their credit card details
Trick them into providing additional PII to be used against them in further fraud
Clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Impact on Clubillion and it’s Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

Securing their servers.
Implementing proper access rules.
Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted.

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

Source

B2B Marketing Strategy

The Power of the Lead-Up: Why Visibility Before ICE Defines Success

Published

18 minutes ago

January 9, 2026

Wladimir P.

the-power-of-the-lead-up:-why-visibility-before-ice-defines-success

Article by Vikki McCausland, Head of Account Management

In a lot of industries, the first few weeks of the year are about catching up with the ‘let’s circle back in January’ tasks and slowly easing your way back into your work routines.

In iGaming, especially within marketing departments, January provides no such luxuries. This is the time of year when iGaming companies and marketing teams have to be at the top of their games. Why are we so busy, you ask? One word: ICE.

Building Momentum

ICE is the industry’s premier event. It brings together iGaming’s biggest names and companies under one roof.

While the event may be the best part of a month away, the companies that will perform best in Barcelona are those that are planning. It is not enough to simply show up and attend the event; the companies that will succeed in Barcelona are those that have thought ahead, crafted their narratives, and have a clear strategy.

To say ICE can feel like an Olympic event might feel like an exaggeration, but anyone who has spent their time running up and down those halls will know how tough those few days can be.

It is competitive. People are vying for attention, and trying to grab people spontaneously on the day can be even more difficult. A carefully considered pre-ICE marketing plan can be highly effective in saving you time and ensuring you schedule the talks and the time you need.

Releasing News

From a news perspective, ICE can also be another minefield. Everyone has some sort of announcement to make, and generating buzz, especially for smaller businesses, is challenging, to say the least.

Getting ahead of this and building momentum as you head into the event is a much smarter strategy. With so much competition for headlines and attention during ICE week, making major announcements before the event and securing some pre-ICE exposure can be a brilliant way to stand out.

The effects of this are two-fold: firstly, you do not have to compete with major companies that can dominate headlines if they drop big announcements during the event. Secondly, getting attention ahead of the event means that you have a talking point for it and that you can secure the kinds of meetings you want ahead of time.

A Structured Narrative

The smartest businesses are the ones that do not just treat ICE as an isolated event. Their marketing departments, much like ours, go into ICE mode early and begin to build their narratives for the event. Whether this is pre-event announcements, Q&As or just social media buzz.

This continues after the event, as you shape the narrative around your announcements and develop future plans based on any discussions and new partnerships you have built.

Having this fully fleshed-out plan also signals to the wider industry that you are a serious participant, not just an opportunistic exhibitor seeking short-term attention and capitalising on industry chatter.

Getting your pre- and post-ICE strategy in place with no support can be challenging. At GameON, our work for ICE starts long before we sit down on that plane to Barcelona. We speak with our clients in the weeks and months leading up to the event, carefully planning the narrative they want to build and helping them capitalise on the opportunities the event can create.

A Victory Lap

ICE can, undeniably, be a time of stress and high activity. Still, with proper planning, it can be a productive few days where you can achieve everything you need to, chat to the people you want, and even enjoy a few sangrias in the Catalonia sun.

This planning should be a carefully curated roadmap covering press releases, editorials, social media, and booking management. Crafting this strategy requires exactly the kind of expertise our team is equipped to offer at GameOn.

When executed right, ICE should feel like a victory lap. A well-planned and executed exhibition that showcases your business and positions you precisely as you want to be. It should be the culmination of your efforts, not a last-minute scramble to make sure you can grab a tiny bit of time with potential partners.

The post The Power of the Lead-Up: Why Visibility Before ICE Defines Success appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.

9 Coins

Wazdan Enters Slovenian Market via Partnership with Casinò Portorož

Published

18 minutes ago

January 9, 2026

Wladimir P.

wazdan-enters-slovenian-market-via-partnership-with-casino-portoroz

Wazdan, the “gain-focused” slots developer, has officially entered the Slovenian regulated market through a strategic partnership with Casinò Portorož. The company’s premium slot portfolio is now live on casino.si, the country’s only licensed online casino operator.

This launch represents a pivotal moment for the Slovenian market following Casinò Portorož’s receipt of a government concession to operate online gaming, marking a new chapter for local players.

A Curated Portfolio for Slovenian Players

As part of the initial launch, Slovenian players now have access to a carefully selected range of 15 Wazdan titles. These games are known for their innovative mechanics and high engagement rates. The starting lineup includes:

Coins Series: 9 Coins, 9 Coins 1000, 9 Coins Grand Gold, 12 Coins Grand Gold, 20 Coins, and One Coin.
Bells Series: 9 Bells and 12 Bells.
Fan-Favorites: Burning Sun, Magic Spins, and Sizzling Eggs.
Hot Slot Collection: 777 Crown and Mystery Jackpot Joker.
Mythology Themes: Power of Gods: Valhalla and Power of Sun: Svarog.

Strategic Importance of the Partnership

Casinò Portorož is a cornerstone of the Slovenian gaming industry, boasting a strong land-based heritage and a reputation for security and regulation. By partnering with Wazdan, they are strengthening their digital debut with content proven to perform across diverse European jurisdictions.

“Launching our online casino Casino.si offering in Slovenia is a landmark moment for Casinò Portorož,” said Ksenija Bezek, Head of Online Operations at Casinò Portorož. “Partnering with Wazdan allows us to strengthen that debut with a portfolio of proven, high-quality games.”

Expanding the European Footprint

For Wazdan, this entry into Slovenia is the latest step in a broad strategy to solidify its presence in regulated European markets. The developer’s games are designed to support long-term retention through adjustable Volatility Levels and unique bonus features.

Radka Bacheva, Head of Sales and Business Development at Wazdan, commented:

“Entering Slovenia with Casinò Portorož aligns perfectly with our strategy. As the country’s only licensed online casino, casino.si provides an ideal platform to introduce our games to a new audience.”

Experience Wazdan at ICE 2026

Industry professionals looking to explore Wazdan’s latest “Online gaining” innovations can visit their team at ICE Barcelona 2026.

Learn more about Wazdan’s latest releases and promotional tools or visit the casino.si platform to experience the games firsthand.

The post Wazdan Enters Slovenian Market via Partnership with Casinò Portorož appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.

Basketball Betting

DATA.BET Bolsters Basketball Offering with Odds Composer Partnership for Expanded Player Props

Published

18 minutes ago

January 9, 2026

Wladimir P.

data.bet-bolsters-basketball-offering-with-odds-composer-partnership-for-expanded-player-props

DATA.BET Expands Basketball Player Props Through Strategic Odds Composer Partnership

DATA.BET, a leading provider of premium sportsbook solutions, has officially entered into a strategic partnership with sports data supplier Odds Composer. This collaboration is set to significantly strengthen DATA.BET’s basketball offering, introducing a vast array of new Player Props and expanding market depth for major global competitions.

The timing of the integration is particularly impactful, launching in the middle of the 2025/26 season to provide operators with enhanced tools to capture peak betting demand.

Deepening Market Coverage for the NBA and Beyond

The partnership allows DATA.BET to offer wider coverage of high-profile basketball events, including the NBA. By integrating Odds Composer’s specialized data feeds, the platform now provides:

Granular Player Props: Focused on individual performances and specific in-game moments.
Pre-Match & Live Flexibility: New markets are available across both environments, ensuring continuous engagement.
Increased Market Depth: More betting options per game, allowing operators to differentiate their offerings.

For players, these new props make the betting experience more immersive by shifting the focus to the individual stars and statistical milestones they follow most closely.

Powering the Next Generation of Bet Builders

A core component of this partnership is the enhancement of DATA.BET’s Bet Builder. Player Props are a fundamental building block for modern betting features, and this integration directly supports the company’s product roadmap.

Operators can now offer more flexible Bet Builder combinations, allowing users to create highly personalized parlays within a single basketball game. This functionality is proven to boost engagement and provide a more premium, “sticky” betting experience.

“Expanding our basketball Player Props is an important step in making our sportsbook better,” said Otto Bonning, Head of Sales at DATA.BET. “This partnership lets us offer more markets, and by strengthening Bet Builder functionality, our clients can give players a more profitable betting experience and stay competitive.”

A Commitment to Scalable Growth

The collaboration reflects a shared vision for the future of sports data. By providing reliable and deep player markets, Odds Composer helps DATA.BET maintain its position as a top-tier solution for operators looking for sustainable growth across multiple verticals.

Kevin Liivamägi, CEO and Co-founder at Odds Composer, added:

“This partnership lets DATA.BET add our basketball Player Props to its growing sportsbook. We aim to provide reliable player markets for major competitions so that operators can offer deeper coverage during the most important times of the season.”

About DATA.BET

DATA.BET is a trusted sportsbook solution provider specializing in high-tech, data-driven products for the iGaming industry. With a focus on premium content and advanced features like Bet Builder and AI-powered tools, the company helps operators maximize their revenue and player retention.

For more information, visit the official DATA.BET website.

The post DATA.BET Bolsters Basketball Offering with Odds Composer Partnership for Expanded Player Props appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.