Account security concerns at multiple casinos

[lifechooser]

Whenever I hand over my email address, I always use the format theircompanyname@mydomain.com, so that when I recieve spam I know who has sent it, or sold my details, or generally broken their own privacy rules.

Before this year, I'd only ever caught one company out, the BBC of all people. This year I've had a couple of companies selling my details when they shouldn't, and one magazine who admitted a security breach, and gave me a free subscription in compensation.

On top of that however, I have now had spam emails sent to five different addresses that I have only ever used to register at casinos with.

3 were related (same casino software, same spam), and the casino admitted in confidence that it was a breach of security by one of their support staff. At one point the manager of one of the casinos phoned and wanted me to testify in court against that person. I agreed, but haven't heard anything since, despite chasing.

Another was earlier in the week. My email to support was forwarded to security, and the casino guarantees not trading or giving out of email addresses. I will chase this today until I get a satisfactory response.

The final one happened this morning and was the straw which broke the camels back. I have yet to email the casino in question, but it won't be a friendly email.

All five casinos involved are highly reputable, popular casinos. All spam emails are the sort that wouldn't get past the lamest spam filter, and link to sites I've never heard of with way to good to be trusted 500% bonuses to new US players. All casinos guarantee privacy and not to sell or disclose details to third parties.

For now, I'm not going to name names, unless casinomeister thinks that I should. What I want to know is how well I should trust casinos? They have lots of personal details from me, including credit cards, neteller and bank details, and security questions such as my mothers maiden name. I'm getting extremely worried and tempted to phone up most of them to ask for my accounts to be deleted, leaving only a one or two to play at regularly.

I also wanted to bring this to everyone's attention on here, and hopefully to hear from some reps about what security they have in place and vetting of staff to prevent breaches such as these.

 

[maxd]

... I'm not going to name names, unless casinomeister thinks that I should.

I can't speak for the main man but my vote is "Name Them!" If we don't call the name-sellers out then they just do it, take the money, and run. Give them publicity they don't want and maybe they'll see the error of their ways and, perhaps more to the point, others might too.

 

[jetset]

I agree - you seem to have certain proof that these operations are abusing the confidentiality of the email addresses you gave them - expose the buggers!

 

[vinylweatherman]

I agree, name and shame. If they are allowed anonymity, they will remain in denial that this is happening. If named, the reputable ones will have an opportunity to mend their procedures. It would only be fair to PM the relevant casino reps, so that they have an opportunity to join in the debate, and alert their management to what has been found.
If you have proof, better still. You are not making wild assumptions, if you have used different E-mail addresses to different casinos, it is easy to spot the sources of the leaks of your E-mail addresses. It may be deliberate, or a scam from a low level employee who sees the opportunity to make a little extra on the side.
Many of us here know that, despite promises, our details are not as secure as they would be at, say, our banks.
One problem with this method of detection is that you cannot use webwallets, as the E-mail address registered at the casino has to be your "real" one because it has to match the one registered with the webwallet. It's not a problem if you use cards though.

As you are from Southampton, I have to ask, your name isn't Adrian by any chance?

When I was a teenager, a friend of mine had a friend who was pretty smart, and used a similar method for working out which companies sold his details to junk mail companies. It involved changes to middle initial(s) rather than messing with the main details. He was also rather good at electronics, cleverer than me in fact

 

[Casinomeister]

Well if you've gone this far, then name them. Please PM the rep (if there is one here - I have a feeling there is though) so he can respond.

This is the problem with every online entity. Even the tightest secured system can fail against a rogue employee who swipes a database. It happens way too many times.

 

[lifechooser]

PM's sent.

 

[lifechooser]

Well if you've gone this far, then name them. Please PM the rep (if there is one here - I have a feeling there is though) so he can respond.

This is the problem with every online entity. Even the tightest secured system can fail against a rogue employee who swipes a database. It happens way too many times.

But if an employee can swipe a database of names and emails (some emails included my real name), then what's to stop them swiping bank/card details too?

 

[Casinomeister]

But if an employee can swipe a database of names and emails (some emails included my real name), then what's to stop them swiping bank/card details too?

I'm pretty sure that email databases are kept separate from the banking ones which are encrypted. Maybe some casino reps can shed more light on this.

I know of a couple of cases of stolen databases where it was only the email addresses that were involved. Nothing to do with banking details.

 

[bb28]

My Vote

I would also liked to see them named. I didn't take the time to register different email addresses for the proof but I've been very suspicious of some of the spam I have received. I had not been registered at many casino's until the last year and since that time my spam has increased fifty fold.
It has crossed my mind many times that we all might be very afraid if we actually knew the facts of what personal information might be easily accessed or leaked.

 

[cyprean]

This thread has potential.

A lot more exciting than the reruns of the Bold and the Beautiful.

Name 'em!

 

[BBKPoker]

Sites that are selling your information should be named and shamed.

Sites that have security breaches where email addresses are compromised to spammers should publicly divulge this information and apologize for it.

So either way, this information should be public.

Please name the casinos.

 

[USA2112]

Casinos that break their confidentiality terms should be exposed, whether it will really help stop it from happening I doubt it. Even if certain casinos come forward and explain and apologize who's to say they are telling the truth about how are why this has happen.

I use two emails for online casinos and both are being sold or given out by some of the casinos. How I know, lately the spam level has been higher then usual, and the spam offers I receive I sometimes receive the same spam from the same spammer address in both my email accounts I use for online casinos at the same time. That tells me not only are they selling information it seems to suggest that certain casinos are also trading and sharing the information with each other before selling it.

It's a really sad players have to worry about trusting online casinos with certain information, and as mentioned earlier due to encrypted coding I doubt this is an issue with credit cards ect, but if we are going to gamble online this will always happen and I don't believe it could ever be stopped completely. Ignorance with certain employees in any work enviorment happens and in most cases not exposed until after the fact, but it never hurts to expose it publicly.

There is one other way to help with this problem and I know some sites are set up for doing just this is to expose the spammers, posting their emails at least brings attention to the spammers that are willing to buy this information and use it.

Funny thing, they don't get my business I just hit the delete button without even a look.

 

[lifechooser]

I sent a PM to casinomeister asking for the best way to contact the reps, but didn't get a reply. How do I find the reps to let them know about this thread when I do name names?

 

[suzecat]

I sent a PM to casinomeister asking for the best way to contact the reps, but didn't get a reply. How do I find the reps to let them know about this thread when I do name names?

Click on Casino Contacts near the top of the page................should be an interesting finale!

 

[Casinomeister]

I sent a PM to casinomeister asking for the best way to contact the reps, but didn't get a reply. How do I find the reps to let them know about this thread when I do name names?

Sorry, you must have PMd someone else - I have nothing from you.

Anyway, click here if you haven't done so already:
https://www.casinomeister.com/forums/groups/

 

[lifechooser]

Ooops, something went wrong there. I've PM'd you again, and the reps.

 

[Casinomeister]

Ooops, something went wrong there. I've PM'd you again, and the reps.

Fine, I would expect the conversation here to take shape Monday since many of the managers are off on weekends. Just an FYI in case it seems they aren't answering

 

[hitobito2005]

I would also appreciate it if you'd name the Casinos.

I've been receiving much more spam recently

 

[lifechooser]

I will, but I want the reps to have a heads up first.

 

[cyprean]

All five casinos involved are highly reputable, popular casinos.

This part makes this very interesting.

A highly reputable casino, it's just a myth, marketing tactic. You seem to be never safe.

 

[maxd]

A highly reputable casino, it's just a myth, marketing tactic. You seem to be never safe.

Of course you're entitled to your opinion Cyprean but I don't think this statement is fair or true. Sure, there are some bad apples in the bunch, even a few rotten ones, but many casinos and poker rooms have worked long and hard to earn and keep their good reputation. Of course that's no guarantee that it will always be so, but I think one needs to give credit where credit is due.

 

[jetset]

There is also the ever present risk of human error, rather than malice or outright dishonesty - a casino can go for ages, handling millions of individual transactions without missing a beat, but then a single human stuff-up or plain stupid decision can bring discredit and abuse.

I'm not excusing inefficiency, but it happens....and not all screw-ups are motivated by evil intent. They're screw-ups, and the manner in which the casino management addresses them can speak volumes for their professionalism and the possibility of continued trust from players.

 

[lifechooser]

Ok, time's up. I think the casinos involved have had fair warning.

-----------------

The most recent one is totesport. I have had spam emails from 'superpalacegold.com' and 'Gold VIP Club Casinos' (

You do not have permission to view link Log in or register now.

, signed by itsforyougetitnow.com). I have not clicked on any of those links.

Their response to my emails were less than satisfactory as far as I am concerned;

The Marketing team have investigated this and believe the reason for the spam is an automated spam program has guessed your email address by using all combinations of the word "totesport". Other customers with "totesport" as part of their email address have been targeted by this in recent weeks, as have members of our staff who have "totesport" or "tote" as part of their email addresses.

We never pass on any confidential customer information to third parties and take customer privacy very seriously. Totesport have one of the best reputations for security and trustworthiness in the online gaming community.

You have received it as you have registered an email address beginning with 'totesport'. As we have stated below even some of our own staff have received them as they have email addresses like this. We would not pass your details on to anyone else.

The emails you have shown us are gambling related, if they search for email addresses using 'totesport' then they are expecting to find people who have gambling accounts and can aim these emails towards them.

To me this suggests that they think I used totesport@mydomain.com elsewhere on the internet and that's how spammers have picked it up. They won't be told otherwise. I've asked for my account to be deleted, however I imagine it will only be deactivated, and this gives me cause for concern. However the words stable, door and bolted spring to mind in this instance.

-------------

Also last week was bluesq.

I received emails from; Link Removed ( Old/Invalid) and Link Removed ( Old/Invalid) . Once again I haven't visted the sites, and do not know if they are casinos, rogues, phishers or virus sources.

Bluesq told me on wednesday that their security is investigating, and they haven't traded or sold any email addresses ever.

I chased them sunday and am awaiting a response.

-------------

Way back late last year my intercasino.com, intercasino.co.uk and littlewoods addresses were used by 'iCasinoMagazine' who 'reviewed' Empire Casino.

All three casinos liased with each other and identified a member of support staff who had walked off with a list of email addresses. The last I heard was that they were trying to take the guy to court, but that was many months ago, possibly a year. I haven't heard anything since, though I did get a spam email from a willhill affiliate to one of those addresses.

---------------
Going back to stable doors and bolted horses. I really want to hear from uninvoled casinos about what security they have in place to prevent this from happening in future. And I advise you all to use unique email addresses if you have the power, i.e. your own domain with a catch-all account.

 

[Casinomeister]

Well, totesports got back to me and they were planning to respond here, but they wanted to see what the other casinos came up with. So it's not like this isn't being looked into seriously.

I would suspect either a spam machine generating these sorts of emails, or some ex-employee walking off with an email list is what is happening here.

I seriously doubt any of these casinos would sell an email list - for one thing it's not worth the risk, and they make enough money through legitimate means. Selling email lists are usually done by your fly-by-nights or Costa Rican clip shot joints that lack scruples and are hard up for cash.

 

[Casinomeister]

...Going back to stable doors and bolted horses. I really want to hear from uninvoled casinos about what security they have in place to prevent this from happening in future. And I advise you all to use unique email addresses if you have the power, i.e. your own domain with a catch-all account.

Excellent point - I've always recommended that players do this to fight spam:
https://www.casinomeister.com/accredited-casinos/

Point seven: Fight Online Casino Spam

And here:
https://www.casinomeister.com/how-to/fight-online-casino-spam/