Partial payment info was on display
Last week, an unlucky group of customers of the online casino site 32Red received a scare when they saw their account balances mysteriously fluctuate and someone else’s account info replace their own. The site has since said that it was not a hack or a full-fledged data breach, but rather was a technical problem on a server that has since been fixed.
The issue manifested itself on the morning of February 18, when some customers saw the account name and last four digits and expiration dates of payment cards that were not their own. Some even saw complete usernames, real names, addresses, e-mail addresses, and phone numbers of another player.
Balances looked like they were fluctuating for no reason
Of course, with the wrong account information came incorrect account balances, understandably freaking some people out.
One player told Verdict that his balance seemed to be half of what it was supposed to be when he was playing roulette. “I then noticed money being deducted at the start of the spin and at the end,” he said. “At first, I thought it was a glitch that might correct itself if I needed to top up.”
“Eventually I did need to top up as my credit was being drained super-fast. Upon trying to top my balance, my cards weren’t present but two others were. I then suspected being hacked and someone set up in my account to steal my money.”
He could actually see the account balance changing with no action of his own. 32Red did say it was aware of the problem when he contacted them and that they were investigating.
“The technical issue was caused by a fault in a server that handles session information,” 32Red parent company Kindred Group told Verdict.
Earlier this week, 32Red said that it took the site offline to fix the problem. Everything is now back up and running. The company said that nobody has been hurt financially and that no transactions were made on incorrect cards.
32Red has contacted the Gibraltar Regulatory Authority. It has also been contacting the affected customers this week. 118 players in all were subject to the temporary online gambling Twilight Zone.
Customers should keep an eye on things
Jake Moore, cybersecurity specialist at internet security firm ESET, told Verdict that even though this was a relatively minor hiccup, it could still cause major problems for customers.
“Malicious actors can do a lot of damage with even a fraction of data that is leaked – even the last few digits of a card number to other customers as it can easily make its way into the wrong hands,” he said.
Now, from everything 32Red has said, there is no reason to think any of the account information appeared anywhere besides the screens of the 118 affected customers, but there is always at least some non-zero chance that it did. Moore added that it doesn’t take much for criminals to do their thing and that the customers who experienced the glitch should “remain on high alert to fraud and should think twice before communicating with any email or phone call over the coming weeks.”