>
Sports betting major BetMGM suffered a cybersecurity incident that led to the data of reportedly more than 1.5 million users being stolen, reports show.
A cybercriminal with the alias “betmgmhacked” took to a hacking forum to post an ad for a database of “every BetMGM’s casino customer as of November 2022”.
According to the attackers, the database contains sensitive data of 1,569,310 users. The data varies from customer to customer, but includes names, contact details (postal address, email address, phone numbers, etc.), dates of birth, social security numbers (hashed), account IDs, and BetMGM transaction details – a lot of information for a solid identity theft (opens in new tab) campaign.
Master Casino data sets
“The database contains every BetMGM casino customer (over 1.5 million) as of November 2022 from MI, NJ, ON, PV and WV. Every customer who placed a casino bet is included in this database,” the ad reads .
In addition, the attackers claim that the database contains data from BetMGM casino users in New Jersey and Pennsylvania, as well as a “Master Casino” dataset containing information on customers from all US states.
Since the ad was posted, the company has confirmed its authenticity through a press release released earlier this week. In it, BetMGM said that the incident was discovered in November 2022, but most likely happened earlier – most likely in May.
“BetMGM currently has no evidence that patron passwords or account funds have been used in connection with this issue,” the press release reads. “BetMGM’s online operations have not been compromised. BetMGM is coordinating with law enforcement and taking steps to further enhance security.”
The company warned its customers that “unsolicited communications” and “suspicious activity” can be expected in the coming days and weeks.
There was no word on the methodology or tools used in the data breach, or whether or not malware or phishing pages were included.
Through: Beeping computer (opens in new tab)