Casino Security and Cyber Attacks Against Casino Sites

Written by:
Payton
Published on:
Sep/29/2020

Physical and virtual casinos are enticing targets for criminals, and casino operators spend considerable time and money trying to make sure customer data and money stay safe. Casinos are similar in scale to banks in terms of currency and client base, so no wonder the attackers are keen to find a way in. With an industry worth billions and sites storing sensitive client data, proprietors must stay vigilant.

For players, the first step towards ensuring the security of their data is to play only at fully licensed casino sites. The UK Gambling Commission requires casinos to have extremely high safety standards, and only issues licenses to those that fully comply. 

Despite the best efforts of casino owners, there have been successful attempts to breach casino security in recent years. As online gambling continues to proliferate, it is more important than ever that the casinos stay two steps ahead of the hackers. 

How Cybercriminals Target Casinos

There are a number of ways that online casino security can be breached, with some easier to defend against than others. Recently, more gambling sites have been the victims of denied distribution of service (DDoS) attacks. This is less of a worry for the customers, but a huge problem for the casino. The attack is designed to shut the site down or slow it to the point where it becomes unusable. This type of attack can be carried out on behalf of unscrupulous competitors, and often leads to huge financial losses. 

Some big casino sites have fallen victim to DDoS attacks. In 2016, popular betting site William Hill lost an estimated £3 million when the site and app were closed down on a crucial night of the Champions League. More recently in 2018, PokerStars were forced to cancel tournaments and refund players as a result of a similar attack. 

Hacks and Scams on Client Data

While DDoS attacks are inconvenient, they are not usually a serious concern for the players. The site may close, but no data has been breached. Much more serious is the threat of hackers and scammers stealing client information, including credit card or bank details. This information can be used to gain access to customer financial accounts, or it is sold on to third parties.

Successful attacks on casino websites have been reported, although the industry likes to keep such breaches as quiet as possible. Known groups of hackers from China and North Korea have targeted more vulnerable sites in parts of Asia and Latin America.

Reputable sites employ end-to-end encryption to mitigate against such data theft. In the UK, players are protected by extremely stringent standards of security imposed by the UKGC. The biggest exfiltration of client data reported at a UK online casino took place in January 2020, when the Betsson subsidiary SuperCasino warned its customers that their information had been compromised

Details remain unclear over many such security failings, and in some cases it is not immediately obvious if hackers are involved or not. Casinos have been known to accidentally leak or expose customer data due to their own carelessness. In January 2019, an open database was discovered to contain the details of millions of individual wagers, although full financial data was not made available. Casinos that fail to adequately protect their client information face enormous fines, not to mention the loss of their license. 

Land Casinos Safe from Cyberattack?

You may think that cyber crime applies only to casino websites, but that is not entirely true. In today’s digital world, even land casinos have vulnerabilities that can be exploited by hackers. In fact, the majority of cyber crime has targeted large brick and mortar establishments rather than purely online operations.

Land casino security is very sophisticated, covering aspects such as whole-property surveillance, customer facial recognition, and background checks on both players and employees. In the UK, advanced vault security is one requirement enforced by the UKGC. This can include access codes that are changed daily – just like in Ocean’s Eleven – and time-delay locks. 

Chips can be a target for robbers too, so there is inbuilt security protecting them as well. The chances of anyone pulling off a major heist at a land casino today is very small. One area where criminals can still infiltrate is via computer networks.

The increased connectivity of electrical items to the internet gives attackers another door into an otherwise secure system. One story that has been doing the rounds for a couple of years involves a large aquarium in a Las Vegas casino lobby. The story may be apocryphal – the casino has never been named – but the premise is credible. Hackers found that the tank’s smart thermometer was unsecured, and used it to get into the mainframe. 

More well-documented was the 2016 phishing scam on the Casino Rama in Canada. The resulting class action lawsuit was thrown out on the basis that the casino was not at fault, and the plaintiffs had not suffered any financial losses. Even so, the case made people understandably wary.

One Step Beyond – RSA Encryption

Some online casinos have started to adopt more robust security features in order to reassure their customers. One such system is known as RSA encryption, which is even more secure than the more commonly used SSL.

The cryptosystem uses a private and a public key, which are used to encrypt information before it is transferred via the internet (which is an insecure medium) and then decrypt it. The processes are somewhat too complex to go into detail here, but it is similar to the system used in blockchain to ensure the safe transfer of data. Online casinos that use this security can offer superior safety to their clients.

Casino security can never remain static. Cyber criminals are constantly finding new ways to gain access to sites and customer data. In order to stay ahead, casinos must ensure that their online security keeps evolving to stay at the cutting edge of the available technology. 

 

Online Casinos News

Is Mobile Gambling Killing the Desktop Casino?

Over the last decade, gambling has followed the rest of the internet into the palm of our hands. Gambling used to be a desktop-first experience, but now it’s shifted to mobile as phones and tablets have grown more powerful, faster, and easier to use. It’s so convenient to use your phone to play from anywhere that it’s changed how people interact with casino games. Yet some players and operators still cling to the desktop experience. So, is mobile gambling just the new normal, or is it replacing desktops altogether?

Why Toshi.bet Is the Ultimate Choice

Toshi.bet lets you bet instantly with crypto, skip ID verification, enjoy instant withdrawals, and play provably fair games like Crash, Dice, and Plinko — all with full anonymity.

9 Casino Games You Need To Try In 2025

 

Most gamblers find a game they enjoy and stick to it. But this can really limit your casino experience. There are many classic table games that you may never have considered, as well as game varieties within your favorite genres.

How to Stay Safe When Playing at Online Casinos in the US

 

Gambling911.com has been a trusted voice in online-gaming safety since 2003, delivering expert analysis and up-to-the-minute news. In this guide, our Chief Casino Industry Correspondent, B.E. Delmer, an engineer turned gaming expert, walks you through every step of a secure registration and casino login process, drawing on both technical rigor and a passion for responsible play.

The Ancient Game That's Now Spinning for Millions

Spadegaming recently dropped something special - Mahjong Riches, a slot game that takes the classic Chinese tile game and gives it a modern twist. With 3,600 ways to win on an unusual 3-4-5-5-4-3 reel setup, this game breaks the mold of usual Asian-themed slots.

Syndicate

Subscribe to Syndicate
More