Data of 500,000 Betway gambling customers being allegedly sold on hacker forum
This month, Security Report has come across a hacker forum thread in which a seller claims to sell details of 500,000 Betway customers based in the UK.
The seller leaked a part of this data, 10,000 records to be specific, for the potential buyers to view.
Betway is a global online gambling company offering its players casino and poker games. Betway’s different brands include Betway Sportsbook, Betway Casino, Betway Vegas, Betway Bingo and Betway Poker.
Hacker selling Betway UK customers’ data
A user on a hacker forum is allegedly selling data of half a million British gambling customers of Betway.
For proof, the seller released 10,000 records at almost no cost, given most users who frequent this forum can easily earn enough points to view hidden content—such as by performing certain activities or building a reputation over time.
“This will include only 10k for your enjoy. DM me for the complete export
Headers: firstname lastname address DEPOSIT BALANCE or LOSS country PHONE and EMAIL,” states the seller in the post.
Data could be abused in spear phishing attacks
Security Report analyzed the partial dump posted by the threat actor with 10,000 Betway customer records.
Although there are no passwords leaked in this export, the specific data can be used in sophisticated spear-phishing attacks to target Betway customers in Britain.
For example, knowing the customers’ full name, email address, phone numbers, address, and their winning/loss and deposit amounts, attackers can craft phishing emails and communications (vishing or smishing attacks) that look far more realistic and legitimate.
When asked by a potentially interested buyer how recent this data was, the seller responded the database was up to 6 months old.
What remains debatable is the authenticity of this data. It is also not clear if this data was obtained as a result of Betway suffering a data breach.
Security Report reached out to Betway multiple times, but we have not heard back by press time.