Earlier this week, ZDNet broke the news that the Cyprus-based online gaming group Mountberg Limited leaked information on over 108 million bets, including customers’ personal information, deposits, and withdrawals, from an Elasticsearch server that had been left exposed online without a password.

The exposed database appeared to contain the betting records of numerous online casinos, including azur-casino.com, easybet.com, stakes.com, viproomcasino.com, casinogym.com, crazyfortune.com, luckyluke.com, and kahunacasino.com. It is not known who managed the database, but many of the casinos referenced in it operate under a parent company called Mountberg Limited, and each was operating under the same 1668/JAZ license number issued by the Curacao eGaming authority.

Real names, home addresses, phone numbers, and email addresses were just some of the sensitive customer data leaked from this shared Elasticsearch server. Because bets, deposits, and withdrawals were stored alongside those identities, anyone who found the database could have picked out the players who had recently won large sums of money and used their details to target them with scams in any number of ways.

Just last week we wrote about Voipo, a telecoms company that provides VoIP services, exposing millions of customer call logs, SMS message logs, and credentials for the same reason: its Elasticsearch database was not password protected.

Why are so many Elasticsearch databases being exposed?
Elasticsearch is an open source search and analytics engine written in Java and built on Apache Lucene. It ingests JSON documents from any number of sources and indexes them for fast full-text search and aggregation, which is why it so often ends up holding a copy of an organization's most sensitive data: logs, transactions, and customer records. The security-relevant detail is how it is reached. Clients talk to it over a plain HTTP REST API, by default on port 9200, and a stock installation does not authenticate that API; the X-Pack security features that add authentication and TLS are not enabled by default. Elasticsearch binds to the loopback interface out of the box, so an instance becomes exposed when an operator sets network.host to a public address so that other machines can reach it, without putting a firewall, a reverse proxy, or those security features in front of it. Anyone who can then reach the port can list every index and read, modify, or delete every document in it.
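What an exposed node looks like from the outside, as an added example (this is not code from the original article): a small Python probe that fetches GET / on port 9200, decides from the response whether an Elasticsearch node answered without an authentication challenge, and, if it did, pulls _cat/indices to count the documents on offer. The hosts and responses below are constructed so the script runs offline; the `fake_get` transport is a stand-in for `http_get`, which does real HTTP and should only be pointed at hosts you are authorised to test.

```python
"""Probe a host for an unauthenticated Elasticsearch REST API and summarise what it exposes.

Added example; not code from the original article. The hosts and responses below are
constructed so the script runs offline; swap fake_get for http_get to probe real hosts
you are authorised to test.
"""
import json
import urllib.error
import urllib.request

# Every Elasticsearch node answers GET / with this tagline alongside cluster_name and version.
ES_TAGLINE = "You Know, for Search"


def http_get(url, timeout=5):
    """Real transport: returns (status_code, body_text); unreachable hosts give status 0."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:          # 401/403/404 etc. still carry a body
        return exc.code, exc.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return 0, ""


def classify_root(status, body):
    """Interpret the response to GET / on port 9200.

    'open'   -> Elasticsearch answered with no authentication challenge
    'auth'   -> something answered 401, i.e. security is enabled
    'not_es' -> unreachable, non-JSON, or not Elasticsearch
    """
    if status == 401:
        return "auth"
    if status != 200:
        return "not_es"
    try:
        doc = json.loads(body)
    except ValueError:
        return "not_es"
    if isinstance(doc, dict) and doc.get("tagline") == ES_TAGLINE and "version" in doc:
        return "open"
    return "not_es"


def summarize_indices(cat_body):
    """Parse _cat/indices?format=json. docs.count is a string, or null (e.g. for a closed index)."""
    names, total = [], 0
    for row in json.loads(cat_body):
        names.append(row["index"])
        count = row.get("docs.count")
        if count is not None:
            total += int(count)
    return names, total


def probe(host, port=9200, get=http_get):
    """Return a report dict: verdict, and for open nodes the cluster name, version, indices and doc total."""
    base = "http://%s:%d" % (host, port)
    status, body = get(base + "/")
    report = {"host": host, "verdict": classify_root(status, body),
              "cluster": None, "version": None, "indices": [], "docs": 0}
    if report["verdict"] != "open":
        return report
    doc = json.loads(body)
    report["cluster"] = doc.get("cluster_name")
    report["version"] = doc["version"].get("number")
    status, body = get(base + "/_cat/indices?format=json")
    if status == 200:
        report["indices"], report["docs"] = summarize_indices(body)
    return report


# Constructed sample responses (not captured from any real server).
SAMPLE = {
    "http://10.0.0.5:9200/": (200, json.dumps({
        "name": "node-1", "cluster_name": "bets", "tagline": ES_TAGLINE,
        "version": {"number": "6.5.4"}})),
    "http://10.0.0.5:9200/_cat/indices?format=json": (200, json.dumps([
        {"index": "bets-2019.01", "docs.count": "1200000"},
        {"index": "players", "docs.count": "250000"},
        {"index": "archive", "docs.count": None},        # null count, as for a closed index
    ])),
    "http://10.0.0.6:9200/": (401, '{"error":{"type":"security_exception"}}'),
}


def fake_get(url, timeout=5):
    """Offline stand-in for http_get backed by SAMPLE; unknown URLs look unreachable."""
    return SAMPLE.get(url, (0, ""))


if __name__ == "__main__":
    for host in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):
        print(probe(host, get=fake_get))
```

The verdict matters more than the document count: a 401 means someone turned authentication on, a 200 with the tagline means the whole cluster is readable by anyone who finds the port. Scanning engines such as Shodan index exactly this root response, which is how researchers keep finding these servers within days of them going online.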

Whether it runs on a self-managed instance or through a hosted Elasticsearch service, Elasticsearch is, like so many AWS, GCP, Azure, and Alibaba cloud services, incredibly powerful and useful. It is also very challenging for IT professionals, developers, and engineers to configure such services consistently in a way that mitigates security and compliance risk: a search cluster is only as private as the security group, firewall rule, or access policy that sits in front of it.

First, it is a daunting task to learn how to configure ever-evolving cloud services correctly; it is like drinking from a firehose. Second, it is even more daunting to do this against the security standards (e.g., CIS Benchmark or NIST CSF) and regulatory frameworks (e.g., PCI DSS or HIPAA) that a company chooses to, or must, comply with. And lastly, it is difficult for any one person or team to apply these standards with 100% consistency at the speed and throughput we ask of our tech teams.

What’s the solution? 
Organizations need an automated cloud security solution that enforces policy, provides governance, imposes compliance, and increases security across large-scale hybrid cloud infrastructure, thereby reducing risk. Security automation should take the pain out of securing cloud infrastructure in a shared-responsibility world by providing a framework for what organizations should be doing, applied as a continuous, real-time process. By using security automation, companies can stay agile and innovate while maintaining the integrity of their technology stack and applying whatever policy they deem necessary to operate their business.

Core to such a solution should be an easy-to-use interface from which teams can manage their existing cloud infrastructure. At scale, policy enforcement cannot and should not be performed manually. Security automation can discover policy infringements or security issues (like an exposed Elasticsearch database) and automatically take action to address them. It also lets a team keep moving quickly while staying protected, resulting in increased innovation and a reduction of risk.
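One concrete shape such a guardrail can take, as an added example (this is not DivvyCloud's code): a Python policy check over EC2 security group rules that flags any ingress rule exposing Elasticsearch's ports 9200 (REST) or 9300 (transport) to 0.0.0.0/0 or ::/0, together with a remediation step that strips the offending ranges. `SAMPLE_GROUPS` is constructed in the shape of the `SecurityGroups` list returned by boto3's `ec2.describe_security_groups()`; the group IDs and CIDRs are made up, and the check handles the all-protocols (`-1`) rule and a port range that merely spans the Elasticsearch ports, not only rules written for 9200 exactly.

```python
"""Policy check: flag EC2 security group rules that expose Elasticsearch to the internet.

Added example; not DivvyCloud's code. SAMPLE_GROUPS is constructed in the shape of
boto3's ec2.describe_security_groups()["SecurityGroups"]; group IDs and CIDRs are made up.
"""
import copy

ES_PORTS = (9200, 9300)           # REST API and node-to-node transport
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def rule_covers_port(perm, port):
    """True if one IpPermissions entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                             # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:                  # tcp with no range given: treat as all ports
        return True
    return lo <= port <= hi


def world_open_cidrs(perm):
    """The IPv4/IPv6 ranges in this entry that mean 'everyone'."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in (ANY_V4, ANY_V6)]


def find_violations(security_groups):
    """Return (group_id, port, cidr) for every rule that exposes an Elasticsearch port publicly."""
    found = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            for cidr in world_open_cidrs(perm):
                for port in ES_PORTS:
                    if rule_covers_port(perm, port):
                        found.append((sg["GroupId"], port, cidr))
    return found


def remediate(security_groups):
    """Return a copy of the groups with world-open ranges stripped from offending rules.

    The input is left untouched. Against a live account, each stripped entry would be
    passed to ec2.revoke_security_group_ingress(GroupId=..., IpPermissions=[...]).
    """
    fixed = copy.deepcopy(security_groups)
    for sg in fixed:
        for perm in sg.get("IpPermissions", []):
            if any(rule_covers_port(perm, p) for p in ES_PORTS):
                perm["IpRanges"] = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") != ANY_V4]
                perm["Ipv6Ranges"] = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") != ANY_V6]
    return fixed


# Constructed sample data (made-up group IDs and addresses).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1", "GroupName": "es-public", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": []},          # the exposed-server pattern
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},  # unrelated rule, must survive
    ]},
    {"GroupId": "sg-0b2", "GroupName": "es-internal", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9300,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},     # private range only: fine
    ]},
    {"GroupId": "sg-0c3", "GroupName": "wide-open", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_V4}],
         "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]},                          # everything to everyone
    ]},
]

if __name__ == "__main__":
    for group_id, port, cidr in find_violations(SAMPLE_GROUPS):
        print("VIOLATION %s: tcp/%d open to %s" % (group_id, port, cidr))
    print("after remediation:", find_violations(remediate(SAMPLE_GROUPS)))
```

A check like this is only half the guardrail: it catches the network path to port 9200, not a node that is reachable through a NAT rule, a public load balancer, or a host with no security group at all, which is why a continuous inventory of what is actually listening on the public internet belongs alongside the rule audit.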

Interested in learning more? Speak with a DivvyCloud expert today!

DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).  First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.