ONLINE GAMBLING OPERATOR NIGHTMARE AT BET24
27th July, 2011 at 03:04:31
Belated warning to players follows arrest of one accused
The nightmare of every online gambling operator - a possible theft of sensitive and private financial information on customers - appears to have become a reality for the Malta-licensed internet betting site Bet24.com.
The company warned customers on Monday that their personal data may have been exposed by a breach that took place in December 2009.
Alarmingly, it appears that the management is only advising clients of the breach some 19 months after it occurred, nevertheless reassuring them that it had taken other measures, including resetting passwords, at the time of the incident.
"We have been informed by police authorities that they have arrested third party individuals who were in possession of unauthorised copies of personal customer information relating to various companies including Bet24," explains a communication to players from Thomas Petersen, chief executive of the company.
"The Bet24 customer information was stolen from Bet24 by means of illegal electronic access to our database, which is believed to have taken place in December 2009. We have no information to indicate any unauthorised access to our database or breach of our security systems since December 2009, and we have no reason to believe that accounts registered after 31 October 2009 are affected in any way."
Data stolen from Bet24 included customer names, addresses, email addresses, user account IDs, account passwords and encrypted payment card numbers. The company has admitted that the stolen data had been used in instances of fraud on its site, adding that victims had been reimbursed.
"The stolen information is so far known to have been used to access a limited number of customers' Bet24 accounts, third-party accounts and personal email accounts," Petersen wrote. "A small number of customers have alerted us to unauthorised activity on their Bet24 accounts and we have fully reimbursed them for any financial loss incurred on their accounts."
Hackers obtained the information after gaining access to Bet24's database. Exactly how this was achieved remains unclear, with the gambling site advising that it is continuing to work with unnamed police authorities in their investigation into the breach.
Bet24 said it had carried out a security audit following the breach, and had reset customer passwords of accounts registered before the end of October 2009, the only accounts exposed by the breach, early last year.
The company urges all customers to continue to monitor their bank and online gaming accounts for suspicious activity and to avoid the practice of using the same password on multiple sites. Customers who used a Bet24 password for their email account are encouraged to change log in information as a precaution.
The company's July 25 warning was particularly addressed to players with Bet24 accounts registered prior to October 31 2009 and assures players that the encrypted payment card information has not "to our knowledge" been decrypted, with a subsequent review by internet security specialists confirming that the level of encryption on the site is very high.
"In addition, no payment card security codes are stored on the Bet24 database," the communication advises.
"We are working closely with the police authorities to establish how the information was stolen, how it has been used, and which customers are affected," the advisory emphasises. "We implemented a thorough security review in 2010, which included an audit by industry specialists and simulated hacker penetration tests, and we have further upgraded the security of our network.
"The Bet24 passwords for all customers who had registered accounts as at 28 April 2007 were reset during 2010. We continue to monitor our systems and customer transactions constantly, and to upgrade our systems regularly."
The communication ends with recommended action security points for players with accounts registered as at April 28 2007::
-If you have ever used your Bet24 password for your email account, then please immediately change your email account password and then change all passwords that you use for any other accounts including your BET24 account
-If you have not used your Bet24 password for your email account but have used it for any other services or accounts, please immediately change the passwords for such services or accounts
-If you believe that your Bet24 account has been compromised in any way, please contact us immediately by email at firstname.lastname@example.org
Bet24 is associated with Nordic Betting, and is licensed by Malta's Lotteries and Gaming Authority regulator. Casino software is from Net Entertainment, with poker through Ongame and sports betting on the Parspro platform.
Related News Tags: Crime, Expo, Malta, Net Entertainment