VIP Games October Issue Promptly Resolved
The security team of VIP Games recently made a thorough investigation of an issue that potentially exposed user profiles and bans issued. The misconfiguration was resolved in less than two hours. Information about this was responsibly disclosed by the team at WizCase – cyber security research team.
Their report brought to attention an Elasticsearch server misconfiguration that occurred with one of our servers that was part of our backup log and stored user data older than six months. The event took place on October 5th, and it was resolved within two hours by our team. Sensitive information was not compromised during the aforementioned time frame. User IDs, transactions IDs and social tokens only make sense in our application and can not be used to trace or uncover the identity of the user that was registered or banned by us.
We have since revised our stack to no longer include this type of data storage in any of our environments. Additionally, our team has implemented further improvements to secure all user data.
We would like to clarify that this was a temporary misconfiguration, NOT an attack, hack, or breach. There are no records of any data being leaked. This misconfiguration was disclosed to us by a team of white hat penetration testers.
VIP Games considers the privacy, protection and security of its users as the highest priority and most important task.
We also take into consideration the nature of our audience: socially active gaming fans. The majority of which are proactive and seek no less than a perfect experience within our platform.
We, the VIP Games team, would like to extend our thanks and apologies for the minor lapse, and to assure everyone that we have taken all necessary steps to resolve the issue. We have conducted a comprehensive review of our IT and security systems, and we remain dedicated to the protection and safety of our gaming community.