Connect with us

Latest News

Popular Gambling App Exposed Millions of Users in Massive Data Leak

Published

on

Reading Time: 5 minutes

 

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach on casino gambling app Clubillion.

The breach originated in a technical database built on an Elasticsearch engine and was recording the daily activities of millions of Clubillion players around the world.

Aside from leaking activity on the app, the breached database also exposed private user information.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

With this information publicly available, Clubillion’s users were vulnerable to fraud and various online attacks with potentially devastating results.

Company Profile

Clubillion is a free online casino game available for iOS and Android, offering players 30+ free slot games. While each app is listed under a different developer – Ouroboros on iOS and T7 Games on Android – these are most likely owned by the same company.

Both versions of Clubillion were released in 2019 and became instant hits. Each is now ranked the #1 ‘social slots’ casino app on Google Play and the App Store, with a 4.8 star on both.

Timeline of Discovery and Owner Reaction

Sometimes, the extent of a data breach and the owner of the database are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, the database was built on Elasticsearch and hosted on Amazon Web Services (AWS), with Clubillion’s name on its apps, and links to assets owned by the company.

Once Clubillion was confirmed as the owner of the database, we reached out to the developers. While awaiting a reply, we also contacted AWS with details of the leak. It was closed a few days later.

  • Date discovered: 19th March 2020
  • Date vendors contacted: 23rd March 2020
  • Date of contact with AWS: 31st March 2020
  • Date of Action: Approx. 5th April 2020

Example of Entries in the Database

Clubillion’s exposed database contained technical logs for millions of Clubillion users around the world, on both iOS and Android devices. Every time an individual player took any action on the app, a record was logged. Examples of records include:

  • “enter game”
  • “win”
  • “lose”
  • “update account”
  • “create account”

During our investigation of the database, new entries continued to appear continuously. We estimated an average of approximately 200 million records per day – and sometimes, considerably more.

In total, this amounted to over 50GB of exposed records in the database every single day.

Within many of these records, were various forms of user Personally Identifiable Information (PII) data, including:

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)
  • IP addresses
  • Email addresses
  • Winnings
  • Private messages

This data breach was truly global, with millions of records originating from Clubillion’s daily users all over the world. The following list is just a sample of countries affected, along with the average number of daily users from each country:

  • USA – 10,000+
  • UK – 2,475+
  • France – 1,650+
  • Israel – 408+
  • Germany – 1,582+
  • Spain – 1,026+
  • Italy – 2,407+
  • Netherlands – 622+
  • Australia – 6,251+
  • Canada – 7,792+
  • Brazil – 3,859+
  • Sweden – 191+
  • Russia – 547+

Other countries affected included Uzbekistan, India, Poland, Romania, Vietnam, Lebanon, Indonesia, Philippines, Pakistan, Thailand, Austria, Hungry, and Latvia.

As you can see, on a single day, 10,000s of individual Clubillion players were exposed. Each one of these players could be targeted by malicious hackers for fraud and cyberattacks – along with millions more whose records were also contained in the database.

Data Breach Impact

Studies have shown that free gambling and gaming apps are especially prone to attacks and hacking from cybercriminals. They are routinely targeted for theft of private data and embedding malicious software on users’ devices.

Despite their popularity, gambling and casino apps often lack transparency, and it can be impossible to know what steps they’re taking to prevent cybercriminals successfully targeting their users.

One study of 23,000 free gambling apps found that: 3,200 posed a ‘moderate risk’ to users; 379 had known security vulnerabilities; 52 contained malicious software.

Any of these issues could be exploited to target app users in a wide range of frauds and cyberattacks, and Clubillion is no different.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

With the exposed user PII and knowledge of their activity on the app, hackers could create elaborate schemes to defraud users. For example, some entries also included transaction errors for attempted card payments on Clubillion.

With the information in these transaction errors, hackers could target users with phishing campaigns, with the following aims:

  1. Trick them into providing their credit card details
  2. Trick them into providing additional PII to be used against them in further fraud
  3. Clicking a link that embeds malware, spyware, or ransomware onto their device.

If cybercriminals used Clubillion to embed malware or similar onto a user’s phone, they could potentially hack other apps, access files stored on the device, make calls, and send texts from the hacked device. They could even access a user’s phone contacts and steal the PII data of their friends and family.

Worse still, as people across the globe now find themselves under quarantine or self-isolation, as a result of the Coronavirus pandemic, the impact of a leak like this is potentially even more significant.

Clubillion stands to gain many new users, along with regular users playing more frequently. Hackers will be aware of this and looking for opportunities to exploit any vulnerabilities in the data security of such a massively popular app.

Had criminal hackers discovered Clubillion’s database, they could have targeted millions of people around the world, with devastating results.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Impact on Clubillion and it’s Developers

The most immediate risk for Clubillion is the loss of players. Data security is a growing concern for everyone these days, and this leak could turn many players off the app. Clubillion is not unique, and players have plenty of other choices for free gambling apps.

With fewer players, Clubillion will lose advertising revenue and reduced profits.

As many of Clubillion’s players reside within the EU, the app is under the jurisdiction of GDPR. The rules of GDPR also apply to apps, and Clubillion will need to take specific actions to ensure the regulatory body in charge doesn’t reprimand it.

Finally, Clubillion could also potentially be removed from Google Play and the App Store. Both Apple and Google are clamping down on apps that pose a risk to their users, removing apps embedded with malware, and taking data leaks much more seriously.

Each of these outcomes has a different likelihood of happening, but they would all negatively impact Clubillion’s revenue and business.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Advice from the Experts

Clubillion’s developers could have easily avoided this leak if they had taken some basic security measures to protect the database. These include, but are not limited to:

  1. Securing their servers.
  2. Implementing proper access rules.
  3. Never leaving a system that doesn’t require authentication open to the internet.

Any company can replicate the same steps, no matter its size.

For a more in-depth guide on how to protect your business, check out our guide to securing your website and online database from hackers.

For Clubillion Users

If you play on Clubillion and are concerned about how this breach might impact you, contact the app’s developers directly to find out what steps it’s taking to protect your data.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

It shows you the many ways cybercriminals target internet users, and the steps you can take to stay safe.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

How and Why We Discovered the Breach

The vpnMentor research team discovered the breach in Clubillion’s database as part of a huge web mapping project. Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities. They examine each weakness for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted. 

Whenever we find a data breach, we use expert techniques to verify the owner of the database, usually a commercial company.

As ethical hackers, we’re obliged to inform a company when we discover flaws in their online security. We reached out to Clubillion’s developers, not only to let them know about the vulnerability but also to suggest ways in which they could make their system secure.

These ethics also mean we carry a responsibility to the public. Clubillion users must be aware of a data breach that exposes so much of their sensitive data.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

The purpose of this web mapping project is to help make the internet safer for all users.

 

Source

Continue Reading
Advertisement

Latest News

Hold and Win brings intrigue to 1spin4win’s Japanese saga

Published

on

hold-and-win-brings-intrigue-to-1spin4win’s-japanese-saga
Reading Time: 2 minutes

Gentle Fox Hold and Win continues 1spin4win’s four-part Japanese-themed slot series, following Tiger’s Steps Hold and Win, April’s most-played slot by bet count.

While its official release date is May 29, Gentle Fox Hold and Win was selected for exclusive pre-release by leading casino platforms, including Irwin, Gizbo, Jet, Izzi, Fresh, and others — a clear sign that operators are actively seeking content that combines originality with commercial impact.

Being the second title in the series, the game invites players to uncover the story of Tomoko-hama — the dangerously charming geisha known as the Gentle Fox — whose wit, beauty, and cunning hide a deeper motive.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Set in the shadow of Mount Fuji, Gentle Fox Hold and Win picks up the narrative thread that began in the first game of the series, drawing players further into a carefully crafted storyline. Years after being taken from her village and brought to the shogun’s castle, Tomoko-hama now tests the will and bravery of those who enter her tea house.

The core challenge of the game is the Hold and Win feature, triggered by landing three or more golden Coins. Players must then fill the Bonus reels with more Coins for the chance to win big, including the x100 Minipot Coin and the elusive x1,000 Megapot.

Olga Bogdanova, the Art Director at 1spin4win, commented, “The second slot in our Japanese-themed series keeps the rich atmosphere of the first but adds a deeper, more intriguing layer. Designed in warm tones, the game gently draws you into a world where calm hides a silent secret.”

Despite the narrative depth, the gameplay remains easy to understand with medium volatility and 97.1% RTP, which is in line with 1spin4win’s signature approach to slot design: simple mechanics, high engagement, and intuitive play for all levels of players.

As this new chapter opens, players move one step closer to the final clash that awaits in the series’ concluding release. Until then, all eyes are on Tomoko-hama — the Gentle Fox — and the secrets she’s yet to reveal.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

About 1spin4win

1spin4win is a fast-growing game provider founded in May 2021 by ambitious developers with over 15 years of experience in the gambling industry. Since its inception, the company has expanded its portfolio to include over 150 classic online slots, all characterized by quality mathematics, transparent mechanics, and well-balanced gameplay — key factors that drive strong player retention. The studio consistently releases an average of four new games each month and offers effective promotional tools for casino operators to help them enhance player loyalty.

The post Hold and Win brings intrigue to 1spin4win’s Japanese saga appeared first on European Gaming Industry News.

Continue Reading

Latest News

Rafael Gállego, BetBrothers: “SEO Is Still One of the Most Powerful and Scalable Channels”

Published

on

rafael-gallego,-betbrothers:-“seo-is-still-one-of-the-most-powerful-and-scalable-channels”
Reading Time: 4 minutes

Few industries evolve as rapidly as iGaming. Navigating its landscape requires more than just technical know-how, as it demands adaptability, local insight, and a user-first mindset.

We sat down with Rafael Gállego, SEO Manager at BetBrothers, to explore what makes organic traffic a lasting growth engine in such a competitive space. Rafael’s journey began in 2017 at Game Lounge, where he started as a content writer before transitioning into SEO. In early 2025, he joined BetBrothers, where he now plays a key role in shaping organic growth strategies for Spanish-speaking markets.

BetBrothers has a notable presence with its Spanish websites. From an SEO perspective, what are the differences when optimizing for the Spanish market compared to other regions?

When optimizing for Spanish-speaking markets, one of the first things we consider is that Spanish is not the same language everywhere. There are major differences between Spain, Mexico, Peru, and the rest of LATAM. Not just in vocabulary, but in search behavior and user expectations too.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

From an SEO point of view, this means our approach has to go beyond simple translation. We work with localized keyword research for each country, because the same query can have different volumes, intent, or competition depending on the region. For example, users in Spain might search for “apuestas online”, while in Mexico they’re more likely to use “apuestas en línea”.

Another key factor is building trust. In LATAM, elements like local payment options, bonuses in local currency, or even having a .mx or .pe extension can strongly influence user behavior. And indirectly, organic performance.

In short, SEO for Spanish markets requires a highly localized strategy that respects linguistic nuances, adapts to different user intents, and aligns with each market needs.

There’s some talk about SEO becoming less effective as a marketing channel. What are you actually seeing? Is it still a key growth tool for affiliates, or are things changing?

From our perspective at BetBrothers, SEO is still a core growth channel for affiliates. Especially in the betting and casino verticals. What’s changing is that it’s getting more competitive and more resource-demanding. It’s not that SEO is becoming less effective, but rather that the barrier to entry is higher than it used to be.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Google continues to evolve, and organic visibility is increasingly tied to E-E-A-T, technical health, UX, and content quality. That means affiliates can’t rely on quick wins or shortcuts anymore. You need a solid product, strong topical authority, and consistent effort to maintain and grow rankings.

That said, the intent behind SEO traffic remains unmatched. Users landing on affiliate pages through organic search are actively looking for information, comparisons, or to convert. That makes SEO one of the most valuable acquisition channels in terms of ROI.

So yes, things are changing, but SEO is far from dead. For affiliates who take it seriously, it’s still one of the most powerful and scalable channels.

With the rise of AI-generated content, and Google’s strong emphasis on E-E-A-T, how do you see its role? Do you think AI content can be effectively used by iGaming affiliates, or is a human touch indispensable for maintaining trust and rankings?

AI-generated content definitely has a role, especially when it comes to scaling certain types of content (like data-driven pages, FAQs, or supporting articles). At BetBrothers, AI helps us speed up processes and improve efficiency, but it’s not a substitute for human expertise.

In iGaming, trust and authority are key. And that’s where E-E-A-T comes in. Users (and Google) expect content to show experience, transparency, and relevance. That’s hard to fake. For example, when we write reviews, guides, or betting strategies, we make sure they’re backed by real insights, updated market knowledge, and a clear editorial voice. That requires a human touch.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

We’ve experimented with AI to support content creation, but every piece still goes through human review and editing. In this industry, credibility matters. So while AI is useful, it needs to be part of a broader content strategy focused on quality, accuracy, and user value.

When a significant Google algorithm update rolls out – say, a core update that shakes up rankings – can you walk us through BetBrothers typical process for analyzing the impact, identifying necessary adjustments, and implementing changes for your affiliate sites?

When Google rolls out a major algorithm update, we follow a clear, structured process to assess and respond.

First, we monitor key metrics across our portfolio (traffic, rankings, user engagement, etc) to quickly spot any significant changes. We rely on tools like Google Analytics, Search Console, and Ahrefs to identify which sites and pages are most impacted.

Then, we analyze the winners and losers within our niche to understand what Google is prioritizing. We look closely at factors like content quality, user experience, and technical SEO to identify patterns.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

For action, we focus on high-impact pages based on their traffic and revenue potential. Our main efforts target improving content depth, enhancing user experience, and strengthening E-E-A-T signals. Instead of broad, sweeping changes, we implement precise, data-driven adjustments and closely monitor their impact.

Throughout, we stay grounded in our core philosophy: delivering genuine value to users.

What technological or market shifts do you think could radically impact SEO in iGaming in the next five years?

We’re already seeing major shifts that are transforming SEO in iGaming, and that pace is only accelerating. One of the biggest changes is Google’s integration of AI into search through SGE (Search Generative Experience). As Google answers more queries directly — especially informational ones — traditional results are seeing lower visibility and CTR. For affiliates, this makes it even more important to focus on transactional keywords and build strong, recognizable brands that users trust.

Another ongoing shift is regulation. Markets like Spain, Mexico, and Colombia are constantly evolving. Changes — like a rumoured potential ban on welcome bonuses in Spain — can happen fast. When they do, SEO strategies need to adapt quickly.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

And looking a bit into the crystal ball, we also notice the possibility of search engines applying stricter filters to gambling content based on compliance trends. That could radically change how we approach SEO.

Lastly, the growing role of first-party data and UX signals is changing how we measure and optimize performance. At BetBrothers, we’re investing in collecting direct user feedback to better tailor our content. As Google rewards trust, engagement, and relevance, SEO in iGaming is becoming less about technical tweaks and more about product quality, user insight, and long-term credibility.

The post Rafael Gállego, BetBrothers: “SEO Is Still One of the Most Powerful and Scalable Channels” appeared first on European Gaming Industry News.

Continue Reading

Latest News

BonusFinder UK Survey: Public Trust in Online Gambling & Bonus Offers in 2025

Published

on

bonusfinder-uk-survey:-public-trust-in-online-gambling-&-bonus-offers-in-2025
Reading Time: 4 minutes

As conversations around gambling regulation and responsible gaming gain momentum in the UK, new research from BonusFinder reveals a complex public sentiment toward the online gambling landscape.

The nationwide survey, which was conducted in May 2025 and included 1,000 respondents, reveals that while the majority of Brits engage with online gambling platforms occasionally, concerns around transparency, trust and bonus terms remain prominent.

Usage patterns

Respondents were asked a series of questions on how they use online gambling platforms, the types of gambling they participate in the most, and if they claim the bonuses offered to them.

Overall, the usage of the platforms across the UK might not be as high as some expect, with 65% claiming they ‘rarely’ use gambling sites and 19% saying they only use the platforms ‘occasionally’.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

UK attitudes towards online gambling & bonuses in 2025 have become more lenient in comparison to previous years. The study found that younger Brits, those in the 18-24 bracket, were the least likely to use gambling platforms at 5%, whilst being the most likely to only use the sites ‘rarely’.

Of those asked, within that age bracket, 76% claimed they use gambling sites less than once a month. Meanwhile, 34-55 year olds are most likely to use sites multiple times a week, with 9% claiming so.

Self-employed Brits are the most likely to be using gambling platforms multiple times a week at 12%, this was followed by those who are unemployed at 11%.

Unsurprisingly, sports betting is the most common form of online gambling in the UK with 42% of respondents claiming that this is the type of gambling they participate in most often.

It was also the most popular form of betting across most of the age ranges, except for the two oldest brackets (55-64, 64+) whose most popular choice was ‘other’, which can include the likes of lottery and horse racing.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Bonus awareness & understanding

Around three in five (59%) Brits have claimed a welcome bonus or promotional offer from online gambling sites. However, even more respondents (63%) say that they rarely use casino betting bonuses outside of these welcome bonuses.

Only 3% of the respondents said they use bonuses almost every time they gamble, whilst 26% use them ‘occasionally’. Those who do use bonuses said they most frequently find them directly on the gambling site, with 64% saying so.

This was followed by finding them through social media or website ads (26%) and bonus comparison sites (13%).

Understanding of online casino terms (such as ‘wagering requirements’, ‘cashable vs.

non-cashable’) is quite clear amongst Brits, with 17% saying their understanding is ‘very clear’ whilst 42% say their understanding is ‘somewhat clear’.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Only 16% claimed they don’t understand the terminology at all. Additionally, 56% of Brits claim that they’ve been surprised by the conditions attached to some bonuses.

Confidence in regulation & industry fairness

Not just in the UK, but globally, the casino and gambling industry is often viewed with controversy, prompting a regulatory focus. However, there is no shortage of systems in place in the UK to ensure that these platforms are properly regulated.

On the other hand, despite this, the results show that Brits (understandably) still have their doubts about the systems in place. Overall, only 9% are ‘very confident’ that gambling sites are properly regulated, whilst 43% said they weren’t confident at all.

Older Brits (45-55 year olds) had the most confidence in sites being properly regulated, with 55% saying they’re confident; however, 65% of the eldest bracket (65+) said they had no confidence at all.

Many Brits also have doubts that the UK Gambling Commission are doing enough to protect customers. Only 19% said they thought that they do enough, 28% weren’t sure and 53% say they don’t protect customers at all.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

However, the most surprising statistic in this section of the survey is that over two-thirds of the respondents (67%) said they don’t know how to check if a gambling site is licensed in the UK.

Unfortunately, Brits also have doubts when it comes to bonus comparison and affiliate sites sharing fair and unbiased information. In the survey, 54% of Brits claimed they felt like they couldn’t trust them, whilst 31% say they weren’t sure if they could or not.

The primary concerns around gambling and casino sites amongst Brits were;

  • Addiction and gambling harm (32%)
  • Misleading bonus terms (21%)
  • Underage access (17%)
  • Data privacy (14%)
  • Unlicensed operators (13%)

UK perceptions & marketing

Almost half (45%) of Brits have a negative perception of online gambling sites, and 46% say that their view is ‘neutral’.

Despite earlier questions showing that the younger generation was the least likely to be using the sites on a regular basis, they were the most likely to have a positive view of the sites. Of the 25-34 year olds, 10% said they had a positive perception, this was also the same for the 35-44 age group.

Despite 42% of Brits saying that they feel that bonuses are advertised fairly only

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

‘sometimes’, 31% believe they aren’t all. Meanwhile 71% said they believe that bonus

promotions should be more strictly regulated.

When asked what would be their biggest confidence booster in regards to their use of online gambling and casino sites, the respondents said:

  • Clearer terms and conditions (22%)
  • Stronger licensing (15%)
  • UK-based customer support (15%)
  • Verified customer reviews (13%)
  • Faster payouts (12%)
  • Emphasis on responsible gambling tools (12%)
  • Publicly verified RTP (return to player percentages) (11%)

The post BonusFinder UK Survey: Public Trust in Online Gambling & Bonus Offers in 2025 appeared first on European Gaming Industry News.

Continue Reading

Trending

Offering comprehensive coverage on all aspects of the gaming sector, our daily posts include online and land-based gaming, betting, esports, regulatory and compliance updates, and technological advancements. Regular features encompass daily news articles, press releases, exclusive interviews, and insightful event reports.

The platform also hosts industry-relevant webinars, and provides detailed reports, making it a one-stop resource for anyone seeking information about operators, suppliers, regulators, and professional services in the European gaming market. The portal's primary goal is to keep its extensive reader base updated on the latest happenings, trends, and developments within the gaming and gambling sector, with an emphasis on the European market while also covering pertinent global news. It's an indispensable resource for gaming professionals, operators, and enthusiasts alike.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2024 - Gaming News Room is part of HIPTHER Agency. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania