An anonymous reader shared a report. The startup that develops the phone app for casino resort giant WinStar has secured a public database that was leaking customers' personal information onto the open web. Oklahoma-based WinStar bills itself as “the world's largest casino” by square foot. The casino and hotel resort also offers an app called My WinStar. The app allows guests to access self-service options, reward points and loyalty benefits, and casino winnings during their hotel stay.
The app was developed by a Nevada software startup called Dexiga. The startup left one of its log databases on the internet without a password, so anyone with the public IP address can access WinStar customer data stored internally using just a web browser. Now it looks like this. Dexiga took its database offline after TechCrunch alerted the company to the security flaw. Anurag Sen, a sincere security researcher with a knack for discovering sensitive data accidentally published on the Internet, discovers a database containing personal information, but initially wonders who it belongs to. was unknown. Sen said his personal data included his name, phone number, email address and home address. Sen shared details of the exposed database with TechCrunch in an effort to identify the owner and uncover security flaws.