News

Data of 500,000 Betway gambling customers being allegedly sold on hacker forum

This month, Security Report has come across a hacker forum thread in which a seller claims to sell details of 500,000 Betway customers based in the UK.

The seller leaked a part of this data, 10,000 records to be specific, for the potential buyers to view.

Betway is a global online gambling company offering its players casino and poker games. Betway’s different brands include Betway Sportsbook, Betway Casino, Betway Vegas, Betway Bingo and Betway Poker.

Hacker selling Betway UK customers’ data

A user on a hacker forum is allegedly selling data of half a million British gambling customers of Betway.

For proof, the seller released 10,000 records at almost no cost, given most users who frequent this forum can easily earn enough points to view hidden content—such as by performing certain activities or building a reputation over time.

“This will include only 10k for your enjoy. DM me for the complete export
Headers: firstname lastname address DEPOSIT BALANCE or LOSS country PHONE and EMAIL,” states the seller in the post.

Data could be abused in spear phishing attacks

Security Report analyzed the partial dump posted by the threat actor with 10,000 Betway customer records.

Although there are no passwords leaked in this export, the specific data can be used in sophisticated spear-phishing attacks to target Betway customers in Britain.

Image: 10,000 records found in sample set analyzed by Security Report

For example, knowing the customers’ full name, email address, phone numbers, address, and their winning/loss and deposit amounts, attackers can craft phishing emails and communications (vishing or smishing attacks) that look far more realistic and legitimate.

When asked by a potentially interested buyer how recent this data was, the seller responded the database was up to 6 months old.

What remains debatable is the authenticity of this data. It is also not clear if this data was obtained as a result of Betway suffering a data breach.

Security Report reached out to Betway multiple times, but we have not heard back by press time.

Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…

12 months ago

Rogue WordPress plugin: Threat hunters uncover credit card skimming campaign targeting e-commerce sites

Rogue WordPress Plugin Found to Steal Credit Card Information in Magecart Campaign Threat hunters have…

12 months ago

Albanian Parliament and telco ‘One Albania’ suffer cyber attacks

The Assembly of the Republic of Albania and telecom company One Albania have recently fallen…

12 months ago

Carbanak Banking Malware Resurfaces with Updated Tactics in Ransomware Attacks

The banking malware Carbanak has resurfaced with updated tactics, incorporating attack vendors and techniques to…

12 months ago

Theme park giant Parques Reunidos hit by a ransomware cyber attack

One of the world's largest theme park operators, Parques Reunidos has disclosed a cybersecurity incident.…

2 years ago

Phishing kit screenshots your email domain on the fly to appear real

Phishing kit used by multiple hacked sites generates a log in page on the fly…

2 years ago

This website uses cookies.