Dexiga, a software startup based in Nevada and the developer behind the WinStar app, has confirmed reports of a security breach involving customer information. The breach involved an unprotected database accessible online, potentially exposing personal data of users of the My WinStar mobile app. My WinStar, affiliated with the largest land-based casino globally, allows users to manage hotel stays, access rewards, and track casino earnings.
Reported by TechCrunch, the breach occurred due to Dexiga's failure to secure a logging database properly, leaving it vulnerable to anyone with the database's public IP address. Upon notification from TechCrunch, Dexiga promptly took the database offline to mitigate the risk.
The compromised database contained personal details such as names, contact information, and addresses. While some information was obscured, it remained unencrypted, raising concerns about data security.
TechCrunch also uncovered an internal user account associated with Dexiga's founder, though Dexiga sought to downplay the incident's severity. The company claimed that the exposed information was publicly available and asserted that no sensitive data had been compromised. Dexiga attributed the breach to a log migration process conducted in January, though the exact exposure date was not disclosed.
Despite Dexiga's assurances, details about the extent of the breach and plans for notifying affected individuals remain unclear. Dexiga stated that investigations are ongoing, and it committed to implementing measures to prevent similar incidents in the future.
As of now, WinStar has not issued any public statement regarding the security breach, leaving users uncertain about the safety of their personal information.
By fLEXI tEAM
Σχόλια