A serious heads up call for operators to revisit their database security systems
With the high level of consumer concern over Internet identity theft, and the online gambler's imperative for privacy protection, it is surprising that details of players at major online gambling sites can be obtained illegally, yet revelations this week suggest that this is not only possible, but routine.
Webmaster Nick Haslem of the Australian gambling information portal AustralianGambling.com.au has opened an international can of worms by exposing the sale of full customer details, apparently by employees of major online betting companies, at
Haslem says he was able to aquire sensitive player information from sites like William Hill, 888, and Full Tilt Poker as a sample of player information being offered for sale.
But on contacting the companies concerned, he has to date received no response.
Haslem names one Ryan Clegg as a person who purchases personal player data from the employees of online casinos, online poker rooms and virtual bingo halls.
Clegg was clearly a familiar name to many poker industry webmasters, who discussed Haslem's findings at http://www.pokeraffiliatelistings.com/forums/general-poker-affiliate-forum/6458-player-information-being-sold.html and confirmed contact Clegg's contact details as Skype "realplayers4u" with a profile revealing a Surrey UK location. He uses MSN as firstname.lastname@example.org, too, apparently.
The details that Clegg claims he purchases every couple of weeks include the full names of online poker players, their home addresses, birthdays and their email addresses.
Along with the above information, purchasers can apparently also view the gambling habits of the players, deposit amounts and visit frequency are listed, along with win and loss amounts.
Acquiring the information was obviously an illegal act. There were no indicatiions that management at any of the firms was aware of the sale of customer information or sanctioned it.
Various posters confirmed that the totally unethical practice of selling private player information is alive and well, claiming that they received several approaches every month, usually when an employee for a company leaves and decides to download the DB before their exit.
Surprisingly, Clegg informed Haslem that one of his sources was a one time industry exec named Frank Best, who was a media agency partner with Clegg in the past.
Clegg gave Haslem an astonishing amount of detail on other sources, naming “Casino Tropez, Eurogrand, Casinojoy, 888, Intercasino, Spin Palace, 32 red, William Hill, Europa Casino, Vegas Red, PlatinumPlay and Roxy Palace,” along with sports and betting player lists from
Ladbrokes, Betfair and ToteSport, William Hill and Coral."
As a part of the sales pitch, Clegg offered, and sent, a sample to Australian Gambling that included the personal data of 50 online gamblers, delivered in an Excel spreadsheet and including:
1. Name – This included both first and last name
2. Address – Both number and street
5. Email address
6. Telephone number
7. Net loss – The amount the player had won or lost at the casino
8. Deposits – The total of the player’s real money deposits
Haslem published what he claimed was an actual email from Clegg, sent to Haslem on Australian Gambling, wherein Clegg attempts to close the deal. In it, Clegg advises that the latest batch of casino data available contains "...roughly 40k full records available which include Full name, address, email, telephone number, net loss and total deposits of each player.
"All the data is European and comes from various online casinos like Casino Tropez, Eurogrand, Casinojoy, 888, Intercasino, Spin Palace, 32 red, Will Hill, Europa, Vegas Red, Platinumplay and Roxy Palace."
And according to Clegg 1 000 records is worth $100 - the 40 000 records are available for a mere $4 000!
Clegg notes in his email: "Finally, as I mentioned we have around 500 records for bingo which are just Uk email addresses and they come from Foxy, Cheeky and Tombola Bingo. I would be willing to chuck these in for free on any substantial order."
Haslem rightly remarks: "The horrifying part of this trade is that details including full names, residential addresses, dates of birth, email addresses and other financial information including amounts deposited and lost or won, is being sold for an agreed fee to whoever has enough money to purchase it.
"It goes without saying this information could be easily misused."
A wake-up call indeed.