ADVERTISEMENT

Gamblers’ data compromised after casino giant fails to set password

One of the biggest online casinos in Mexico has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling. The data was likely compromised by unauthorized actors.

Strendus online casino

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Nov 14, 2023 Updated: 15 November 2023 3 min read
Strendus stats
Amount of leaked data. Source: Cybernews
  • Usernames
  • Names
  • Government ID numbers (CURP)
  • Phone numbers
  • Email addresses
  • Home addresses
  • Dates of Birth
  • Gender
  • KYC status
  • IP addresses used to register for an account
  • IP addresses used to log in
  • Deposit amounts
  • Withdrawal amounts
  • Notes on users, submitted by admins and customer support agents.
Amount of IoC on Strendus
Amount of IoC. Source: Cybernews
Strendus user profile
Strendus user profile. Source: Cybernews
ADVERTISEMENT

Cybersecurity neglect endangers gamblers

Strendus user security log
User security log. Source: Cybernews
Strendus notes on users
Notes on users, submitted by admins and customer support agents. Source: Cybernews

Staying safe

  • Since CURP numbers can not be changed, if you were affected by the leak, you should monitor for any unauthorized changes on government websites, keep an eye on your credit score, and ensure that all accounts that use this number are using strong passwords and two-factor authentication (2FA).
  • You should change your email password. Strong passwords should be unique, have not been used before, be at least 12 symbols long, and contain uppercase and lowercase letters and special symbols. It is easy to create strong passwords using a unique password generator tool.
  • Even though the credentials were not exposed, leaked emails could pose a risk of credential-stuffing attacks against Strendus casino accounts, as threat actors could use the leaked data from previous breaches. You can use a leaked password-checking tool to know if any of your passwords were leaked online. Make sure that the leaked passwords are not reused on any of your accounts.
  • Leaked email addresses can be used to send unsolicited communications, such as spam or phishing emails. You should be wary of receiving such emails and not click any suspicious links in emails.
  • You should ensure that all accounts connected to a leaked phone number are secured with strong passwords and 2FA.
  • To increase security, switch to using time-based one-time passwords (TOTP) instead of SMS-based 2FA or change the phone number.
  • If you believe that you may be at an increased risk of direct cyber attacks, it's advisable to contact your internet service provider and request a change in your IP address to safeguard your local network.
ADVERTISEMENT