According to reports, a major sports betting company, BetMGM, suffered from a cybersecurity incident that allegedly stole the data of over 1.5 million users.
A cybercriminal going by the alias “betmgmhacked” went to a hacking forum to post an advertisement for a database containing “all BetMGM casino customers as of November 2022”.
The database, according to the attackers, contains sensitive data of 1,569,310 users. Data varies by customer but includes names, contact information (postal address, email address, phone numbers, etc.), dates of birth, social security numbers (encrypted), account IDs and transaction details BetMGM – loads of information for serious identity theft (opens in a new tab) campaign.
Master Casino Datasets
“The database includes every customer of BetMGM Casino (over 1.5 million) as of November 2022 from MI, NJ, ON, PV and WV. Every customer who has placed a bet at the casino is included in this database,” the ad reads.
In addition, the attackers claim that the database contains user data for BetMGM casinos in New Jersey and Pennsylvania, as well as a “Master Casino” dataset containing customer information from all US states.
Since the announcement was made, the company has confirmed its authenticity in a press release published earlier this week. BetMGM said in it that the incident was discovered in November 2022, but it most likely happened earlier – most likely in May.
“BetMGM currently has no evidence that patron passwords or account funds were accessed as a result of this issue,” reads the press release. “BetMGM’s online operations were not affected. BetMGM is cooperating with law enforcement and taking steps to further enhance security.”
The company warned its customers that “unsolicited communications” and “suspicious activity” could be expected in the coming days and weeks.
There was no word on the methodology or tools used in the data breach, or whether malware or phishing sites were involved.
Through: Beeping Computer (opens in a new tab)