32Red Customers See Other Players’ Info in Shock Data Breach Glitch
Customers at 32Red watched in shock and horror as balances disappeared in front of their eyes last week
Customers at 32Red watched in shock and horror as balances disappeared in front of their eyes last week, a ‘technical glitch’ in the British online casino’s server also showing them other players’ credit card info, usernames and real names
Verdict cybersecurity magazine reported 32Red as admitting: “118 accounts were potentially affected by the technical issue”, on Thursday February 18th. Customers logging in were met with other players’ account information.
This included the wrong account holder’s name, as well as the last four digits and expiry date of other customers’ cards. Usernames, real names, email and billing addresses, along with mobile numbers were also exposed to a “limited” number of other 32Red customers.
In several cases, incorrect account balances were displayed, one anonymous player telling the magazine he ‘noticed his balance was half of what it should have been’.
“I then noticed money being deducted at the start of the spin and at the end. At first, I thought it was a glitch that might correct itself if I needed to top up,” he added.
However, worse was to come as he tried to top-up, the customer revealing, “…my cards weren’t present but two others were. I then suspected being hacked and someone set up in my account to steal my money.”
Other customers had the same problem, taking to Twitter to vent their fears and frustration…
The player added: “I rang them, and got told they couldn't speak to me about it. Website was still running over an hour later. I was seeing other people's money in my account changing every couple of minutes.”
Another customer of the Kindred Group company tweeted: “I watched my money drain from my account. I then refreshed to see someone else’s account with my debit card listed.
They added: “I had a win yesterday and did a withdrawal last night of £150 so I’m hoping this doesn’t affect that. The fact they haven’t alerted anyone is a bit of a bad move.”
With no public announcement forthcoming from 32Red, customers were left in the dark about balances and the safety of their accounts.
Eventually, a Kindred Group spokesperson explained to Verdict: “The technical issue was caused by a fault in a server that handles session information”.
They added that “no financial transactions were made to or from incorrect payment cards” and claimed, “there is no financial impact to any 32Red.com customer”.
The company also stated, “The issue has now been fixed and all facilities fully restored,” adding: “We have completed a full investigation and have reported to the relevant authority.”