PokerBaazi says that any data accessed in an alleged “breach” was just from dummy test accounts.
Site says all is well
A spokesperson for PokerBaazi told Indo-Asian News Service that there “is no security breach” at the gambling site. The statement came as a response to accusations that a security breach at PokerBaazi had exposed user data.
PokerBaazi’s spokesperson further clarified that the data which was reported as stolen came from “dummy accounts/users” that were used by the company’s internal testers and developers.
Alleged security breach
Early on Monday, security researcher Anurag Sen reported the “breach” at PokerBaazi to XposedOrNot. The press picked up on the story and reported on Sen’s claims.
Sen explained that the data was exposed by “a misconfiguration in the system” that allowed easy access to “anyone with knowledge of the database’s IP.”
The data allegedly included the full names and addresses of customers, as well as email addresses, locations, and authorization tokens. Sen provided further concerning details – for example, the breach had exposed at least six gigabytes of data and researchers have been uncovering more data as they continue to investigate. Nobody is sure how much more exposed data will be found.
According to Sen, this data had been available online for at least two months and remains “available on the internet without protection.”
PokerBaazi is India’s biggest poker site with more than 2 million registered users. Given the importance of security to customers, a breach of this scale – and PokerBaazi’s slow response to the breach – would have created a significant opportunity for the company’s competitors.
The Indian government’s approach to regulating online gambling is in constant flux at both federal and state levels, so it is an important time for the industry to put its best foot forward.
A quick response
Understandably, the team at PokerBaazi was keen to set the record straight as soon as possible. The company’s spokesperson issued a comment later on Monday, clarifying the mix-up.
The spokesperson explained that the “server had been kept publicly open for establishing a proof of concept with an external and reputed tool which helps in monitoring applications logs.”
We have reached out to Sen for further comment but have not yet received a response.