Major sports betting firm BetMGM has reportedly suffered a cybersecurity incident, with the data of more than 1.5 million users allegedly stolen.
A cybercriminal going by the pseudonym “betmgmhacked” posted an advertisement on a hacking forum for a database containing “every BetMGM casino customer as of November 2022.”
According to the attackers, the database contained sensitive data for 1,569,310 users.Data varies from customer to customer, but includes name, contact information (postal address, email address, phone number, etc.), date of birth, social security number (hashed), account identifiers and BetMGM transaction details – massively intel credible identity theft (opens in a new tab) Activity.
Master Casino dataset
“The database includes every BetMGM casino customer (over 1.5 million) from Michigan, New Jersey, Ontario, PV, and West Virginia as of November 2022. Anyone who has placed a casino wager in the database,” the ad wrote in.
Additionally, the attackers claim the database contains data from BetMGM casino users in New Jersey and Pennsylvania, as well as a “Master Casino” dataset containing customer information from all US states.
Since the ad’s release, the company has confirmed its authenticity with a press release issued earlier this week. In it, BetMGM said the incident was discovered in November 2022, but it likely happened earlier – most likely in May.
“BetMGM currently has no evidence that customer passwords or account funds were accessed in connection with this issue,” the release read. “BetMGM’s online operations have not been compromised. BetMGM is coordinating with law enforcement and taking steps to further strengthen its security.”
The company warned its customers to expect “unsolicited communications” and “suspicious activity” in the coming days and weeks.
There was no word on the methods or tools used in the data breach, nor did it say if any malware or phishing pages were included.
pass: Beep computer (opens in a new tab)