Original Post from InfoSecurity Magazine
Nigerian Betting Company Denies Breach
Nigerian online betting company SureBet247 has told the public not to be deceived by “false” reports that the firm has suffered a serious data breach.
According to the website iAfrikan.com, over 32GB of SureBet247 data, spread across six databases, has been exposed online. The information affected by the alleged incident includes user profiles, betting slip logs, a list of SureBet247 staff email addresses, and data linked to the company’s website surebet247.com.
The alleged breach came to light after an anonymous source found SureBet247 data online and tipped off Australian security researcher and haveibeenpwned founder Troy Hunt.
“Within the databases there’s everything from user records to betting histories, the latter consuming more than 100M rows in one of the databases,” said Hunt.
“I’m yet to total the user records, but multiple databases contained hundreds of thousands of user records each, so the number is substantial. Impacted data includes names, email addresses, dates of birth and betting records. It’s not yet clear whether passwords were also compromised, that’s something I’m hoping to clarify with them.”
The anonymous source reached out to Hunt in December 2019 after an attempt to warn SureBet247 of a potential security issue was spurned. Hunt contacted iAfrikan after his own efforts to notify SureBet247 of the alleged breach elicited no response.
When iAfrikan’s Tefo Mohapi contacted the gambling company to warn them of the alleged breach, he received a suggestion to email technical support and the response that it was SureBet247’s decision whether or not to notify their customers of a possible data breach.
According to MyNaijaBlog.com, the director-normal of Nigeria’s National Information Technology Development Agency (NITDA) has requested that an investigation into the alleged breach be carried out by the Data Breach Investigation Workforce.
SureBet247 has publicly denied that any data breach has taken place. Earlier today, the company posted the following message on Twitter: “Dont be decieve [sic] by any false info. We weren’t breached on any data. Thanks.”
SureBet247 was founded in 2011 and trades under the name ChessPlus International Limited.
According to Mohapi, other online sports betting operators may have been affected by the alleged security incident. The exposed databases indicate that BetAlfa, BetWay, BongoBongo, and TopBet may have been compromised.
Go to Source