A recent report has uncovered a security breach in a Nevada software startup that powers the WinStar World Casino and Resort, the largest casino in the world in terms of square footage. The exposed database, belonging to Dexiga, the software startup powering My WinStar, was found by security researcher Anurag Sen, revealing customers’ private information including names, emails, home addresses, phone numbers, and dates of birth.
Once the breach was discovered, access to the exposed database was discontinued. However, Dexiga claimed that the information in the database was “publicly available,” denying that any sensitive personal information was exposed. It was also unclear whether Dexiga had tools to track who accessed the exposed database while it was available.
This breach comes on the heels of cybersecurity expert Dan Lohrmann’s warning about the potential dangers of cyberattacks for casinos. Lohrmann emphasized the need for gambling operators to take proper action to prevent further attacks, even if they settle a matter by paying ransom. He stressed that changes to cybersecurity policies are crucial to prevent future vulnerabilities.
The My WinStar app, which provides self-service features and acts as a loyalty program for visitors, was created by Dexiga to enhance the casino experience. However, this security breach has raised concerns about the protection of customer data and the potential risks for cyberattacks targeting casinos and gambling operators.