Christmas Casino heist: BetMGM hacked, data of 1.57 million gamblers leaked , while data of 68,000 DraftKings customers also hacked

BetMGM, an online sports betting website owned by MGM Resorts, announced a data breach on the same day hackers attempted to sell a database holding 1.5 million BetMGM user records.

BetMGM said on its website on December 21 that “unauthorized access was gained to customer information.” MGM Resorts had 142 million customer details released on Telegram in May 2022 as a result of a data breach in 2020; BetMGM is the most recent company to have a data breach.

BetMGM is an online sports betting business that recently experienced a data breach, resulting in the theft of 1.57 million clients’ information. The attacker posted the stolen information to BreachedForums, a cybercrime and hacking site that emerged as an alternative to the now-seized Raidforums, the same day it was taken.

In their article, the attacker claimed that the database had information for every consumer who made a casino bet in November. The message was posted on the 21st of December, 2022. Additionally, the hacker supplied data samples. However, it remained unclear how much they requested for the database.

“We compromised BetMGM’s casino database as of November 2022. The database contains all BetMGM casino customers (nearly 1.5 million) from MI, NJ, ON, PA, and WV as of November 2022. “Every consumer who has ever gambled at a casino is included in this database,” the hacker said.

The corporation disclosed  that it discovered a data breach and believes the incident happened in May 2022.

According to BetMGM, the stolen information includes customers’ names, postal addresses, email addresses, phone numbers, dates of birth, account identifiers, hashed Social Security numbers, and transaction-related data.

The corporation asserted that the data “varied by customer” and that there is no proof that passwords or account balances were accessed. The corporation continues to advise users to reset their passwords and has offered to provide free identity restoration and credit monitoring services to affected clients for up to two years.

In the DraftKings attack, hackers exploited compromised credentials to gain access to user accounts, collect personal information, and take hundreds of thousands of dollars from the accounts of victims.

Customers’ names, phone numbers, addresses, email addresses, account balances, profile images, details of prior transactions, the date of their last password change, and the last four digits of their credit or debit cards are among the sensitive data DraftKings says may have been stolen in this incident.

However, there was no proof that hackers took SSNs, bank account details, or driver’s license numbers. DraftKings asked users to immediately update their account credentials and reset their passwords. Additionally, the hackers took cash from victim accounts. Notably, the cofounder of the business, Paul Liberman, has stated that $300,000 was stolen from victim accounts. The event happened during the month of November.

Friday, DraftKings delivered notice letters to impacted consumers, telling them of the data breach, and claimed that it will reimburse the stolen monies.

“Based on our investigation to far, we think that attackers obtained your login or email address and password from a non-DraftKings source and then utilized them to enter your DraftKings account,” the letter said.