MGM Resorts-owned online sports betting company BetMGM confirmed suffering a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers.
MGM Resorts-owned online sports betting company BetMGM confirmed suffering a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers.
In a statement posted on its website on December 21, BetMGM said “patron records were obtained in an unauthorized manner”.
The company said the compromised information includes name, email address, postal address, phone number, date of birth, hashed Social Security number, account identifier, and information related to transactions.
“The affected information varied by patron,” according to the statement.
BetMGM claims there is no evidence that passwords or account funds were accessed by the hackers. However, the company still recommends changing passwords as a good practice, and it’s offering two years of free credit monitoring and identity restoration services to impacted individuals.
The sports betting firm said it learned of the incident on November 22 and believes the intrusion occurred in May 2022.
In a post on a popular cybercrime forum, someone claiming to be the hacker offered to sell a database containing nearly 1.57 million records dating from November 2022, allegedly associated with “any customer that has placed a casino wager”.
The hacker’s message, also posted on December 21, describes the type of data stored in the database, and it’s the same as the one mentioned in BetMGM’s announcement.
The hacker has also posted some sample data. It’s unclear how much they want to get for the stolen database.
The BetMGM breach came to light just days after sports betting firm DraftKings revealed that the personal information of 68,000 customers was compromised as a result of a credential stuffing attack.
In the DraftKings attack, hackers used previously leaked credentials to access user accounts and obtain personal information, as well as to withdraw hundreds of thousands of dollars from victims’ accounts.
By Eduard Kovacs on Fri, 23 Dec 2022 10:38:13 +0000
Original link