Latest News

Popular Gambling App Exposed Millions of Users in Massive Data Leak

Published

6 years ago

July 8, 2020

Reading Time: 5 minutes

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8 star on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

Date discovered: 19th March 2020

Date vendors contacted: 23rd March 2020

Date of contact with AWS: 31st March 2020

Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

“enter game”
“win”
“lose”
“update account”
“create account”

During our investigation of the database, new entries continued to appear continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Within many of these records, were various forms of user Personally Identifiable Information (PII) data, including:

IP addresses
Email addresses
Winnings
Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

USA – 10,000+
UK – 2,475+
France – 1,650+
Israel – 408+
Germany – 1,582+
Spain – 1,026+
Italy – 2,407+
Netherlands – 622+
Australia – 6,251+
Canada – 7,792+
Brazil – 3,859+
Sweden – 191+
Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungry, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

Trick them into providing their credit card details
Trick them into providing additional PII to be used against them in further fraud
Clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Impact on Clubillion and it’s Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

Securing their servers.
Implementing proper access rules.
Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted.

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

Source

Arizona

Arizona Department of Gaming Reports $44.9 Million in Tribal Gaming Contributions for the Second Quarter of Fiscal Year 2026

Published

6 hours ago

January 8, 2026

GamingAmericas.com

arizona-department-of-gaming-reports-$44.9-million-in-tribal-gaming-contributions-for-the-second-quarter-of-fiscal-year-2026

The Arizona Department of Gaming (ADG) announced today $44,891,270 in tribal gaming contributions to the Arizona Benefits Fund for the second quarter of Fiscal Year (FY) 2026. This represents an approximate 5.6 percent increase when compared to the same quarter of FY 2025.

“The financial support that tribal gaming provides the state of Arizona continues to power local and statewide needs that are vital to healthy and safe communities,” said Jackie Johnson, Director of the ADG. “With nearly $45 million in tribal gaming contributions in the most recent period, the Department is proud to ensure the continuation of important revenue streams that positively impact Arizonans.”

The Arizona Benefits Fund receives 88 percent of tribal gaming contributions, providing significant dollars to support instructional improvement for schools, trauma and emergency care, tourism, and wildlife conservation throughout the state. If interested in viewing the cumulative tribal gaming contributions by year, please visit our reports webpage: gaming.az.gov/resources/reports.

Tribal gaming contributions to the Arizona Benefits Fund for the second quarter of the State’s FY 2026 are as follows:

Instructional Improvement Fund/Education………………………………………………..$22,373,810

Trauma and Emergency Services Fund………………………………………………………..$11,186,905

Arizona Department of Gaming Operating Costs………………………………………….$4,040,214

Arizona Wildlife Conservation Fund……………………………………………………………$3,196,258

Tourism Fund…………………………………………………………………………………………..$3,196,258

Problem Gambling Education, Treatment and Prevention……………………………..$897,825

Total: Tribal Gaming Contributions to the Arizona Benefits Fund……………………..$44,891,270

Per the Arizona Tribal-State Gaming Compact, the remaining 12 percent is distributed by the tribes to the cities, towns, and counties of their choosing for community services and public safety programs for local governments. Since FY 2004, cumulative contributions have totaled approximately $2.5 billion, benefitting both the state and its cities, towns, and counties.

Currently, there are 26 Class III casinos in Arizona, which ADG regulates in partnership with Arizona tribes. For more information, view our tribal gaming webpage: gaming.az.gov/tribal-gaming-page.

The post Arizona Department of Gaming Reports $44.9 Million in Tribal Gaming Contributions for the Second Quarter of Fiscal Year 2026 appeared first on Americas iGaming & Sports Betting News.

888.it

R. Franco Digital Shortlisted for Casino Platform Excellence at EGR Europe Awards 2026

Published

16 hours ago

January 8, 2026

Wladimir P.

r.-franco-digital-shortlisted-for-casino-platform-excellence-at-egr-europe-awards-2026

R. Franco Digital, the leading Spanish iGaming provider, has been officially shortlisted for Casino Platform Supplier of the Year at the prestigious EGR Europe Awards 2026. The nomination recognizes a landmark year for the company, characterized by the explosive growth of its IRIS Open Omnichannel Platform and a major commercial breakthrough into the Italian market.

The winners will be announced during a gala ceremony on February 18, 2026, at the Hilton Malta, where the industry’s top-tier operators and suppliers gather to celebrate European gaming excellence.

IRIS: The Engine of Omnichannel Growth

The core of R. Franco Digital’s success lies in its IRIS platform, a highly scalable, multi-jurisdictional solution that unifies casino, sports betting, and retail management.

IRIS Platform Milestones (2025-2026):

Jurisdictional Reach: Certified in 6 jurisdictions and operational in over 10 regulated markets.
Content Depth: Seamlessly integrated with over 1,600 games from global third-party providers.
Operational Stability: Provides 24/7 multilingual support and advanced real-time analytics for operators.
Commercial Momentum: Secured 50+ new operator partnerships and entered three new markets within the last 12 months.

Performance Highlights: 4 Billion Game Rounds

R. Franco Digital’s games portfolio has seen a massive surge in engagement, bolstered by 20 new high-performance slot releases in 2025. Standout titles such as Strange Spins, Aphrodite, Zorro: Final Duel, Ovomon, and The Phantom contributed to a record-breaking year.

Metric	2025–2026 Achievement
Total Game Rounds	4 Billion+ across regulated markets
Revenue Growth	30% Increase during the judging period
New Content	20 New slot titles launched
Expansion	Debut in the Italian regulated market

Strategic Italian Market Entry

A major factor in the EGR shortlisting was R. Franco Digital’s successful entry into Italy. The provider rapidly localized its content to meet the specific demands of Italian players through tier-one partnerships:

Stanleybet.it: Launched 19 games, including the Italian-exclusive debut of Strange Spins.
888.it: Successfully rolled out the popular Super 7 3×3 title.

“We’re proud to be shortlisted for this award, which reflects the strength of our IRIS platform and the quality of the content we’ve delivered over the past year,” said Javier Sacristán Franco, International Business Director at R. Franco Digital. “Our team has worked hard to support operators with reliable, innovative solutions… we are delighted to see that effort recognised.”

The post R. Franco Digital Shortlisted for Casino Platform Excellence at EGR Europe Awards 2026 appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.

Big Hot Flaming Pots

Big Hot Flaming Pots: Tasty Treasures – Lightning Box Brings Land-Based Hit Online

Published

17 hours ago

January 8, 2026

Wladimir P.

big-hot-flaming-pots:-tasty-treasures-–-lightning-box-brings-land-based-hit-online

Light & Wonder has officially launched Big Hot Flaming Pots: Tasty Treasures, the digital debut of its highly successful land-based franchise. Developed by in-house specialist studio Lightning Box, this 3×5 slot offers 243 ways to win and a high-energy “three-pot” mechanic that has already become a staple on casino floors worldwide.

The game transitions the whimsical “dumpling-tossing” theme to online audiences, combining vibrant Asian-inspired aesthetics with a deep mathematical model designed for high-engagement sessions.

The Three-Pot Mechanic & Seven Feature Combinations

At the core of the gameplay is the persistent pot system. Landing specific colored coins fuels three separate pots—Yummy, Spicy, and Upsized. These pots can trigger individually or in any combination, leading to seven distinct bonus paths.

Feature Mode	Gameplay Enhancement
Yummy Mode	Increases the Hold & Spin respin counter from 3 to 4, significantly extending bonus life.
Spicy Mode	Introduces Chilli multipliers; landing a pepper adds its cash value to every symbol currently held on the board.
Upsized Mode	Unlocks a Dual Grid (two reel sets) for the Hold & Spin round, doubling the win potential.
Combined Modes	Triggering all three at once creates the “Mega Bonus,” featuring dual grids, 4 respins, and value-boosting peppers.

Innovation: The Stack N’ Hit Feature

Unlike traditional Hold & Spin mechanics where symbols simply lock until the round ends, Tasty Treasures introduces the Stack N’ Hit evolution.

Reel Clearing: When a vertical reel is filled with Bun symbols, the prizes are instantly collected, and the reel is cleared.
Persistent Respins: Clearing a reel creates open spaces for new prizes to land, allowing the bonus round to continue far longer than standard industry alternatives.
The Path to Grand: Each cleared reel activates a “Pepper Tracker” above it. Lighting up all five trackers awards the Grand Progressive Jackpot.

Jackpot Tiers & Base Game Depth

Operators benefit from a versatile math model that supports both consistent base-game performance and high-volatility jackpot chases.

Progressive Jackpots: Grand and Major tiers for life-changing win potential.
Fixed Jackpots: Minor and Mini tiers awarded through symbols landing during features.
Nudge Wilds: In the base game, Wild symbols can nudge to cover entire reels, assisting in achieving the 243-way payouts.

“Big Hot Flaming Pots: Tasty Treasures carries forward a brand that has already made its mark in land-based venues,” says Michael Maokhamphiou, Studio Director at Lightning Box. “This release offers operators a flexible, high-performing title that combines familiarity with fresh layers of engagement.”

The post Big Hot Flaming Pots: Tasty Treasures – Lightning Box Brings Land-Based Hit Online appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.