A research team at WizCase found an open Elasticsearch server that had no encryption or password protection. The server was traced back to VIPgames.com, a popular free-to-play card game and board game platform with over 100,000 Google Play downloads and around 20,000 active daily players. The site features a multitude of games, and the developer has multiple similar sites. The open server exposed over 30GB of data comprising 23 million records. The researchers at WizCase picked out 66,000 user profiles that included usernames, email addresses, device details, IP addresses, hashed passwords, social media profiles, transaction details, bets, and other information. The passwords were hashed with the bcrypt algorithm. Bcrypt is one of the most secure hashing options because it is time-consuming to crack, but a diligent attacker could still recover original passwords, especially if players chose common or simple passwords.