For Sale: BetMGM Customer Data
If you think the hacking of DraftKings accounts were bad a few weeks back, here comes BetMGM.
In the case of the later, customer accounts were actually compromised way back in May of this year (2022 since we're about to exit it). BetMGM only disclosed the breach in recent days.
This one is almost certain to draw the ire of state regulators. Well, maybe.... Massachusetts commissioners just approved the company for a mobile sports betting license.
From Hackread.com:
As seen by Hackread.com, the attacker placed the stolen database up for sale the same day on BreachedForums, a cybercrime and hacking forum that surfaced as an alternative to the now-seized Raidforums.
In their post, the attacker claimed the database contained records dating from November belonging to every customer who had placed a casino wager. The message was posted on December 21st, 2022. The hacker also shared data samples. However, it wasn’t clarified how much they demanded to sell the database.
And the hackers weren't exactly shy about letter everyone know what they had seemingly accomplished.
“We breached BetMGM’s casino database current as of Nov 2022. The database is inclusive of every BetMGM casino customer (over 1.5M) as of November 2022 from MI, NJ, ON, PV, and WV. Any customer that has placed a casino wager is included in this database,” the hacker said.
MGM only confirmed the account compromises on December 21 even though they only first detected it on November 22, nearly five months after the actual hacking.
The news comes a few weeks after DraftKings admitted to a breach of several thousand customer accounts (believed to be around 67,000). They were able to notify customers within a 24 hour period.
DraftKings says that personal information compromised included customer names, phone numbers, addresses, email IDs, account balances, profile photos, previous transaction information, last password change date, and the last four digits of their payment cards. In some cases, the hackers were able to access phone numbers and have the two factor authentications diverted.
- Gilbert Horowitz, Gambling911.com