Home GDPR #Privacy: Online betting company denies data breach
GDPR - January 9, 2020

#Privacy: Online betting company denies data breach

Nigerian online betting company SureBet247 has denied reports about the firm suffering a data breach. 

According to iAfrikan.com, more than 32GB of data, spread across six databases was exposed online. 

The exposed data included user profiles, betting slip logs a list of staff email addresses and data linked to the company’s website. 

An anonymous source discovered the breach online and alerted Australian security researcher, and founder of haveibeenpwned, Troy Hunt in December 2019 after attempting to warn SureBet247 of a possible security issue. 

“I’m yet to total the user records, but multiple databases contained hundreds of thousands of user records each, so the number is substantial. Impacted data includes names, email addresses, dates of birth and betting records.”

“It’s not yet clear whether passwords were also compromised, that’s something I’m hoping to clarify with them.”

After failed attempts to contact SureBet247, Hunt reached out to iAfrikan’s Tefo Mohapi, who contacted the company about the breach. Mohapi was told to email technical support. 

Mohapi contacted the customer care agent again and explained the seriousness of the breach, and that at the minimum they need to alert the customers of the breach, to which the agent responded: “That is ours to decide.”

“One would expect that a company that handles financial transactions would treat a potential security breach alert with urgency and have processes in place on how to deal with such potential breaches once they have been communicated to them,” said Mohapi. 

SureBet247 has publicly denied that a data breach has taken place, posting on Twitter: “Don’t be deceive [sic] by any false info. We aren’t breached on any data. Thanks.”

The director-normal of Nigeria’s National Information Technology Development Agency (NITDA) has requested an investigation into the breach.

The post #Privacy: Online betting company denies data breach appeared first on PrivSec Report.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

CISA believes SolarWinds attack could have been prevented with simple countermeasures

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency…