BetMGM warns customers in the wake of US operator cyberattack

BetMGM has warned its online account holders to increase the cybersecurity on their igaming and sports betting accounts following a wave of cyberattacks against US operators by hackers.

Attacks have mainly utilized existing customer passwords from other non-affiliated sites obtained via the so-called ‘dark web’ to log in to sportsbook and igaming accounts, and in many cases drain those accounts of available funds.

Responding to this, the operator sent an email to its account holders acknowledging the recent reports surrounding a cyberattack but was keen to distance itself and its servers from having been affected.

“You may have seen recent news reports concerning possible data compromises at various gambling operators,” BetMGM’s email stated.

“Although it is unlikely your BetMGM account has been impacted by these events, we recommend you take the following steps to protect your account,” it continues.

Methods of encouraging greater protection in BetMGM accounts advised in the email include creation of a password unique to BetMGM, ostensibly to avoid attempted attack hackers using the same password obtained from other sites.

Twin-factor authentication, an increasingly popular method of enforcing cybersecurity by operators, which requires verification of account information across two separate devices, is also recommended.

Finally, the email suggests opting in to BetMGM email alerts, which notify customers of any login attempt.

“Taking these necessary steps will ensure the continued security of your personal information,” the email concludes.

The day before I closed this account, the fraudsters successfully created a @BetMGM account in my name & deposited $2k. BetMGM contacted me & have already reimbursed me.

I also received a password reset email from Stardust Casino (@FanDuel) due to failed login attempts (not me). https://t.co/lUeDhipvGS

— Phil Galfond (@PhilGalfond) November 22, 2022

Reports first began to surface last week regarding a breach of BetMGM involving the creation of fraudulent accounts using the information of professional poker players by hackers aiming to withdraw funds from unsuspecting account holders.

Breaches have taken place throughout both October and November, and utilize lifted data to set up duplicate accounts that are then matched to BetMGM’s payment provider, Global Payments Gaming Solutions, allowing hackers to use mobile payment service Venmo to drain accounts.

When contacted over the breaches, BetMGM confirmed it was “actively investigating” the potential breach, with Global Payment Gaming Solutions likewise assisting authorities.

Fellow operator DraftKings has also been severely affected by the breaches, with $300,000 in customer funds being drained from user accounts. It is understood they have sent a similarly worded email to customers concerning verification changes.