Sports betting giant BetMGM reveals data breach, customer data stolen
Major sports betting company BetMGM suffered a cybersecurity incident that resulted in the data of allegedly more than 1.5 million users being stolen, reports have claimed.
A cybercriminal going under the alias “betmgmhacked” took to a hacking forum to post an ad for a database containing “every BetMGM’s casino customer as of November 2022”.
The database, as per the attackers, contains sensitive data on 1,569,310 users. The data varies from customer to customer, but includes names, contact information (postal address, email address, phone numbers, etc.), dates of birth, Social Security Numbers (hashed), account identifiers, and BetMGM transaction details – plenty of intel for a solid identity theft campaign.
Master Casino data sets
“The database is inclusive of every BetMGM casino customer (over 1.5M) as of November 2022 from MI, NJ, ON, PV, and WV. Any customer that has placed a casino wager included in this database,” the ad reads.
Furthermore, the attackers claim the database carries data from BetMGM casino users in New Jersey and Pennsylvania, as well as a “Master Casino” data set, holding info on customers from all US states.
Since the ad was posted, the company confirmed its authenticity via a press release published earlier this week. In it, BetMGM said the incident was discovered in November 2022, but most likely took place earlier – most likely in May.
> Stolen MGM Resorts customer data dumped on Telegram for free
> DraftKings reveals thousands of customer accounts hit by cyberattack
> Check out the best firewalls right now
“BetMGM currently has no evidence that patron passwords or account funds were accessed in connection with this issue,” the press release reads. “BetMGM’s online operations were not compromised. BetMGM is coordinating with law enforcement and taking steps to further enhance its security.”
The company warned its customers that “unsolicited communications” and “suspicious activity” could be expected in the days and weeks to come.
There was no word on the methodology or tools used in the data breach, and whether or not any malware, or phishing pages, were included.
- Here’s our rundown of the best endpoint protection services around