SureBet247 suffers data breach and leaks customers’ gambling information

Like many other online activities, gambling sites using has its risks. SureBet247, a popular sport betting company based in Nigeria was victim of an incident related to the data protection of its users that would have put thousands of records stored by the company at risk.

An anonymous user discovered the information exposed on the public Internet, who reported the find to Troy Hunt, a security researcher and founder of the Have I Been Pwned platform. After attempting to contact SureBet247 without success, the researcher decided to share the find with the cybersecurity community.

According to a data protection firm, SureBet247 is owned by Chessplus International, a Nigerian-based company engaged in online gambling development. The company was founded by Sherif Olaniyan and Olasupo Badmus, former university peers.

In his report of the incident, Hunt mentions that he received the information from an anonymous user: “The source mentioned six databases storing about 32 GB, operated by an online betting company. The exposed information includes usernames, betting histories, among many other details distributed in more than 100 million rows in worksheets,” he says.

This incident has been particularly frustrating for both Hunt and the anonymous informant, who have repeatedly tried to contact the company; on the other hand, SureBet247 has not commented on the incident in any way, so investigators ignore whether the company was even aware of this serious breach of the data protection of its users.

Finally, on New Year’s Eve Hunt mentioned that SureBet247 had responded to his initial report, although the company did not appear to specify the measures it would take to mitigate the consequences of the incident, a delusive attitude considering that the company could have fallen victim to a data breach.

Based on Hunt’s reporting, the International Institute of Cyber Security (IICS) finds it unlikely that the company will implement an appropriate security incident management process or even notify all potentially exposed users.

Given the company’s irresponsibility, customers are advised to reset their access passwords to the SureBet247 platform, in addition to monitoring their bank accounts for any suspicious activity.