WinStar Casino was the victim of a major data breach when startup Dexiga left open access to its customer database. The incident came to light thanks to a TechCrunch investigation and discovery by researcher Anurag Sen.
WinStar, located in Oklahoma, is known for its casino and resort hotel, as well as the popular My WinStar app, which allows guests to self-serve and view bonus points and winnings. The developer of the application was the startup Dexiga from Nevada.
Dexiga left one of its databases open without a password, exposing customers’ personal information for public viewing. The leaked information includes customers’ names, phone numbers, email addresses and home addresses. After being notified by TechCrunch, the database was immediately taken offline.
While Dexiga claims the leaked data was publicly available, the incident raises concerns about security and privacy standards in the industry. TechCrunch confirmed that the leaked information contained sensitive data, including gender, IP addresses, and even internal accounts. Dexiga and WinStar have yet to respond to inquiries about the steps they will take to notify customers of the breach of their personal information.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.