PokerStars data breach exposes over 110K customers

PokerStars, the world’s largest online poker site, said that it’s fallen victim to the MOVEit Transfer attacks, with attackers accessing sensitive user data.

The US-registered company behind PokerStars in the region, TSG Interactive US Services Limited, started notifying customers whose data may have been exposed in the recent MOVEit Transfer attacks claimed by the Cl0p ransomware cartel.

The MOVEit zero-day vulnerability allowed the gang to access and extract certain information from the MOVEit Transfer servers, which victims used to store and share data. PokerStars also held some of its data there.

“Following the incident, we no longer utilize the MOVEit Transfer application,” PokerStars said.

The company’s letter says it learned about the vulnerability on June 2nd. The subsequent investigation, assisted by external experts, concluded that “some files associated with PokerStars may have been copied by an unauthorized third party from May 30th to May 31st.”

According to the information that PokerStars provided to the Maine Attorney General, the breach exposed 110,291 individuals. Exposed files contained personal user details, including names, addresses, and Social Security numbers.

Experts warn that cybercrooks can use personal information to commit fraud ranging from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses.

PokerStars said there’s no indication so far that the data has been misused. However, the company will offer victims third-party identity protection services free of charge for 24 months.

The PokerStars brand is controlled by a Canadian online gambling company, The Stars Group, which is owned by a British sports betting firm, Flutter Entertainment.

Unrelenting Cl0p and MOVEit hacks

So far, nearly 400 organizations have been confirmed to be impacted by Cl0p’s MOVEit Transfer attacks, with over 20 million people having their data exposed.

Cl0p is a Russia-linked ransom group claiming responsibility for exploiting a SQL injection flaw in the MOVEit Transfer application, which has impacted thousands of companies worldwide.

Named victims include American Airlines, TJX off-price department stores, TomTom, Pioneer Electronics, Autozone, and Johns Hopkins University and Health System.

Other prominent brand victims include Shutterfly, Warner Bros Discovery, AMC Theatres, Honeywell, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm.

Exclusive information, vetted by Cybernews, indicates that at least some of Cl0p’s affiliates might be residing in Kramatorsk, a Ukrainian city in the country’s embattled east. US officials are offering a $10 million bounty on the Cl0p gang.
