Online casinos and betting sites are being targeted by threat actors. Two major casino websites were hacked in a short time.
BetMGM is owned by MGM Resorts. MGM Resorts had 142,000,000 customer records stolen on Telegram in the . BetMGM was the most recent to be affected by a data breach.
BetMGM, an online betting site for sports, was recently subject to a data breach that resulted in the theft of information from 1.57 million customers. Hackread.com has revealed that the hacker placed the stolen data on sale at BreachedForums the very same day. This cybercrime and hacking forum was created as an alternative to the now seized Raidforums.
The attacker stated that the database held records from November and belonged to all customers who placed casino wagers. This message was published on December 21, 2022. Data samples were also provided by the hacker. It wasn’t clear how much the hacker wanted to charge for the data.
We have breached BetMGM’s current casino database as of November 2022. Every BetMGM customer from MI, NJ and ON (as of Nov 2022) is included in the database. The hacker stated that any customer who has made a wager on a casino is included in the database.
BetMGM, on the other side, posted a statement to its website that confirmed the attack on the exact date. December 21, 2022. According to the statement, hackers gained unauthorized access to the system of the company and stole patron records.
According to the company, it discovered a data breach in November 22, and believes that the intrusion took place in May 2022.
Which Data was Stolen
BetMGM says the data stolen includes name, addresses, email IDs and phone numbers. It also contains dates of birth, account identifications, hashed Social Security Numbers (SSNs), as well as transaction-related information about its customers.
According to that there is no evidence of password or account fund access. It urges customers to reset their passwords, and promises to provide credit monitoring and identity restoration services to impacted customers for up to 2 years.
DraftKings has been the victim of hackers in recent months and lost 68,000 customer’s private data. This on DraftKings saw the company fall prey to attackers who used stolen credentials to gain access and steal customer data.
Hackers also took funds out of victims’ accounts. Notable is the fact that Paul Liberman, the cofounder of the company, has victims’ funds were stolen by the hackers. It occurred on November.
DraftKings claimed it would recover the stolen funds. DraftKings sent notice letters to the affected customers Friday informing them of the leakage.
The letter stated that “Based upon our investigations to date, it appears attackers could have previously gained access at least to your username, email address, and password through a source other than DraftKings and used these credentials to log into your DraftKings Account.”
Which Data Was Exposed?
DraftKings says that the breached personal data could include customers’ names, telephone numbers, addresses and email IDs. It also includes account balances, photos of the customer, past transaction information, password changes, their last date for change, and last four digits from their payment cards.
There was no evidence to suggest that hackers had stolen Social Security Numbers or financial account numbers. DraftKings advised customers to immediately change their passwords and login credentials.
The company said that it had restored funds taken from accounts due to credential stuffing attacks. DraftKings identified the culprits.