Underground online casino exposes 850K users


Fixbet, an underground online casino that’s largely aimed at the Turkish market, has exposed hundreds of thousands of its users, potentially endangering them as gambling is mostly prohibited in Turkey.

While gambling is never a financially responsible decision, it’s even more dangerous in places where it’s illegal. Take Turkey, where land-based and online gambling is prohibited.

To avoid the all-seeing eye of the law, online casinos turn to the shadows. For example, Fixbet, a Turkish and English language online casino, registered in Venezuela, operates via a hidden URL, accessible only via the Tor network.

ADVERTISEMENT

However, lurking in the shadows doesn’t prevent mistakes. The Cybernews research team discovered an exposed Fixbet’s MongoDB database with details on over 850,000 of the casino’s customers.

Businesses employ MongoDB to organize and store large swaths of information. For example, the Fixbet-owned MongoDB database stored details such as:

  • Usernames
  • Passwords in plain text
  • Email addresses
  • Full names of users
  • User countries
  • Addresses
  • User-agent details
  • IP addresses
  • Cookies
  • Service information
Fixbet data sample
Sample of the leaked data. Image by Cybernews.

Additionally, the open database held internal access panel details, such as server logs, Server Message Block (SMB) logs, and email logs. According to the team, the database was most likely exposed due to human error. Fixbet has since closed down the instance, and it is no longer publicly accessible.

We reached out to Fixbet for comment but did not receive a reply before publishing.

Our researchers say that attackers could potentially employ the exposed details for nefarious purposes, for example, cyberstalking and harassment. In extreme cases, malicious individuals may use personal information to harass or stalk individuals, both online and offline.

“Since the data is extremely sensitive, coming from a gambling platform, it can easily lead to direct financial loss through unauthorized access to other gambling platforms, where affected users re-use their credentials,” the team said.

ADVERTISEMENT

Leaking information from an underground platform can also cause major issues. Since the database belongs to an underground casino and its Türkiye-based users are violating the law for using it, attackers could resort to blackmailing the casino’s users.

Additionally, malicious actors could use the data for further data breaches, various phishing, and credential stuffing attacks.