Gaming platform’s misconfigured cloud server led to exposure of 23 million records

VIPGames, an online platform that provides for free classic board and card games, exposed more than 23 million records for more than 66,000 users, reported Threatpost. The exposure was discovered by researchers with WizCase when scanning the internet for open servers. Among the records exposed were usernames, emails, IP addresses, hashed passwords, Facebook, Twitter and Google IDs, bets and even data on players who were banned from the platform. VIPGames  acknowledged in a statement an issue that potentially exposed user profiles. “We would like to clarify that this was a temporary misconfiguration, NOT an attack, hack, or breach," the company stated. "There are no records of any data being leaked. This misconfiguration was disclosed to us by a team of white hat penetration testers,” the company publicly stated. “The misconfiguration was resolved in less than two hours. Information about this was responsibly disclosed by the team at WizCase – cyber security research team.”