Due to a temporary glitch, customers logged in on the 32Red online casino website were able to see other customers’ financial and personal details due to a technical glitch in the company website server.
32Red Server Fault Uncovers 118 Customers’Data
On February 18, 32Red experienced some technical issues that caused customers logged in at the time to be able to see other customers’ personal details. The breach of financial and personal data had 32Red take its site down in order to fix the technical misfire.
Customers who were logged in didn’t have the correct account balance data shown while the issue was ongoing.
Instead of their own details, customers could see the account holder name and last four digits plus the expiry date of other people’s cards. As per Verdict, a media that spoke with 32red, 118 customers were potentially affected by the technical fault.
An unnamed source commented said that they noticed their account was being drained unusually fast and when they attempted to top the account up, they could see that their own card details were gone but they could see another two cards attached to the account instead.
When the person contacted 32Red, the company confirmed they were aware of the issue and assured them they were investigating it.
The customer explained they could see “other people’s monies and cards within my account, randomly changing”. The account’s surplus of £42.50 was incorrectly changed to 5p and was not rectified at the time of the comment.
Only “Limited” Number of Customer Details Revealed
According to 32Red spokespeople, only a “limited” number of usernames, names, email addresses, addresses and mobile numbers were disclosed and no customers suffered financial losses.
32Red is an online casino company licensed in Gibraltar and owned by Kindred Group. The parent company issued a statement explaining there had been a fault with the server that manages session data.
A Kindred spokesperson said: “The issue is fixed and all facilities fully restored. We have completed a full investigation and have reported it to the relevant authority. We are also in the process of contacting affected customers”
In a statement to Verdict, 32Red said it was currently restoring any affected account balances assuring there was no monetary repercussion on customers. Users who were affected were not able to access the incorrect cards for payments or withdrawals.
The company has run a full investigation, contacted the Gibraltar authorities to notify them of the breach and is now contacting the affected customers.
One customer commented on Twitter that he watched his money disappear from his account and when refreshing, saw his debit card listed under someone else’s account. He was disappointed the company hadn’t notified anyone earlier.
According to Jake Moore, a cybersecurity specialist, even though the number of affected customers is small and the data revealed is limited the potential risks are not to be ignored.
Potential malicious agents can quickly develop phishing outreach and target customers to steal additional information where necessary. It is therefore extremely important to make customers aware of the breach as soon as possible so that they can be on the lookout for potential fraud.