On Monday, Bet24.com informed its players that a breach in site security, wherein private member data was released to third parties, occurred in December 2009. The admission comes more than 19 months after the information was compromised, and has left many angry, dismayed and more than a little confused.
The most commonly asked question is “Why was no one told?” The speculative answer, issued by gaming industry insiders, is “to protect the brand.”
According to an article published on UK-based science and technology news website, The Register, the Bet24.com announcement followed the arrest of a suspect found in “possession of unauthorized copies of personal customer information relating to various companies including BET24.”
The article goes on to say that the stolen data included customer names, home addresses, email addresses, user account IDs and passwords and encrypted credit and debit card numbers used for payment.
The suggestion here is that Bet24.com fessed up only because it had no other choice. The arrest of a suspect in possession of private customer information and subsequent revelation that the site had been seriously compromised meant that Bet24 players could no longer be deceived.
In what was likely an attempt to get out in front of this story (rather than appear as though site operators were guilty of a coverup), a Bet24 spokesperson said that security upgrades were issued shortly after the breach and passwords for player accounts were immediately reset.
Still, Bet24 failed to inform not only the public, but competitor online casino sites, to whom many of its players assigned the same account passwords. The implication here is that the other operators, unaware of the breach in security, did not reset their account passwords, thus putting already violated player privacy at additional, and dare we say unnecessary risk.
Bet24.com’s Chief Executive Officer, Thomas Petersen, had this to say about the confession: “We have no information to indicate any unauthorized access to our database or breach of our security systems since December 2009, and we have no reason to believe that accounts registered after 31 October 2009 are affected in any way.”
He added that a small number of players had reported unauthorized activity on their accounts, and that the site had issued full reimbursements to those players.