PokerStars Suffers Serious Data Breach Exposing 110k People
Table of Contents
- By Steven
- Aug 02, 2023
PokerStars is one of the largest online poker rooms in the world and has millions of registered customers that use the platform to play remotely with others from different areas of the world. The company is well-known for providing poker and other card-game services and is part of a larger gambling network with more organizations. The company houses data for millions of users that access the platform, and some of that data was just accessed in a recent breach.
How Did the Attack Occur?
The PokerStars data breach worked the same as all the other MOVEit breaches. The ransomware gang utilized a Zero-Day security vulnerability in the MOVEit file-transfer tool to access data stored by PokerStars. The tool is meant for securely transferring information, but the vulnerability makes any data connected to the program vulnerable. Between May 30 and May 31 that PokerStars data was accessed and could have been copied, according to the third-party investigators who looked at the incident.
What Information Was Viewed or Stolen?
According to all the official reports concerning the PokerStars data breach, individuals lost their Social Security numbers, first and last names, home addresses, and more. It was mostly personal details that were taken in this data breach, likely from people registering to use one of the company's gambling platforms. All the data listed and other data points unlisted could have been taken from more than 110,000 individuals using the PokerStars platform. Anyone affected could suffer from serious problems because of the breach.
How Did PokerStars Admit to the Breach?
PokerStars admitted to this data breach by sending out a company letter explaining the situation. The letter explains that an external investigation confirmed that some PokerStars files could have been copied near the end of May. The company also sent a report to the Maine Attorney General to give the details of the breach. Between these two notices and the individual letters being sent to each victim, everyone will be notified of the breach.
What Will Become of the Stolen Information?
PokerStars stated that there is no evidence of the data being misused so far, but the ransomware gang running these MOVEit data attacks is looking to make a profit on the information they've stolen. The data will likely be sold or utilized for hacking attacks in the future. It's impossible to say what the hackers will do with the information, but anyone who's identified as having lost information because of this breach should take immediate action to protect themselves as much as possible.
What Should Affected Parties Do in the Aftermath of the Breach?
If you receive a notice informing you that your data was involved in the PokerStars breach, you should take steps to protect it immediately. PokerStars is offering free identity theft protection for anyone identified as being exposed for a total of 24 months. If you have access to this protection, you should use it. You should also monitor your accounts and consider freezing your credit for at least a few months to prevent any identity theft attempts.