The gambling firms Paddy Power and BetFair have suffered a data breach, after “an unauthorised third party” gained access to “limited betting account information” relating to up to 800,000 of their customers.
What was exposed? Usernames, email addresses, IP addresses.
However, parent company Flutter says “no passwords, ID documents or usable card or payment details were impacted”. The word “usable” might be doing some heavy-lifting there, I wonder if some partial payment card details were exposed…
Email sent to affected customers of Paddy Power
An obvious threat is phishing attacks, targeting Betfair and Paddy Power customers – perhaps posing as messages from the companies, in an attempt to trick users into handing over more of their details. So be on your guard!
Flutter says it is carrying out a “full investigation” to understand the scale of the breach, and is working with external cybersecurity experts.
Readers with long memories will recall that this is not the first time that Paddy Power has suffered a data breach, although it appears to have been more proactive in informing its customers this time.
By: Graham Cluley (Cybercrime Researcher and Blogger)
Original link to the blog: Click Here
Comments