Player Data Breach Alert

Alexandre

Official Rep for Slotsmillion and Ladylucks
Joined
Jan 17, 2006
Location
Barcelona, Spain
Hi everybody,

On Tuesday we had more than 7,000 failed login attempts on SlotsMillion from China, Brazil and Ukraine.
After investigation, we came to the conclusion that some online casino database has been compromised.
Let me share with you our internal Jira ticket concerning the matter.
I've removed all sensitive information like usernames and internal links.

SlotsMillion faced about 7,000 failed login attempts on 26/06/2017, approximately between 8:30 PM and 8:45 PM GMT.
Each attempt used a single username and password, but the same username was never reused more than 4 times.
About 40 login attempts, on 15 different players, were effectively successful on SlotsMillion.
The successful logins were however "partial" (this is not possible for a normal user, but is consistent with a bot).
Supposed offender countries are Ukraine and Brazil. China and Japan may be involved too.
All offender IPs are blacklisted IPs by 3rd parties (checked using [link removed]).
We have confirmed that no transaction has been made on the player balance for the 15 accounts.
The typical login pattern for the 15 login attempts was connecting multiple times, subsequently from different IPs in Brazil and one in Ukraine.

This leads us to think that:

- Users had their accounts stolen somewhere else (like other casinos or any other forum that was potentially hacked).
- The 15 user login attempts would then be accounts where the username and password were the same on SlotsMillion.
- The 7,000 failed attempts are the accounts that didn't match on SlotsMillion.

In the meantime, please let me know if you have any questions.

Offender IP addresses
177.140.193.173 - Brazil
177.142.205.198 - Brazil
177.141.220.202 - Brazil
177.142.173.200 - Brazil
177.142.167.245 - Brazil
177.142.58.170 - Brazil
177.142.113.78 - Brazil
177.142.43.151 - Brazil
177.142.113.124 - Brazil
177.142.43.74 - Brazil
177.142.115.176 - Brazil
177.142.84.42 - Brazil
177.142.204.14 - Brazil
177.142.166.241 - Brazil
177.142.199.69 - Brazil
177.141.168.187 - Brazil
177.141.38.103 - Brazil
177.142.8.236 - Brazil
177.142.201.34 - Brazil
177.141.35.184 - Brazil
177.140.117.40 - Brazil
177.142.182.54 - Brazil
177.141.171.213 - Brazil
177.142.182.54 - Brazil
177.142.193.149 - Brazil
177.183.110.70 - Brazil
177.140.182.93 - Brazil
177.142.71.133 - Brazil
177.192.68.117 - Brazil
177.142.166.249 - Brazil
177.142.140.162 - Brazil
177.142.48.140 - Brazil
177.142.5.3 - Brazil
177.142.132.213 - Brazil
177.142.81.200 - Brazil
177.142.166.84 - Brazil
177.142.64.60 - Brazil
85.238.102.93 - Ukraine
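The detection pattern the ticket above describes (a 15-minute burst of failures, each username tried at most a few times, a small set of source addresses each cycling through many usernames, and a handful of "partial" successes from those same addresses) can be checked directly against an authentication log. The following is an added example, not SlotsMillion's tooling or anything from the thread: the log format, the usernames, the timestamps and the thresholds are constructed for illustration. The 177.142.x.x and 85.238.x.x sources are taken from the ticket's list above; 203.0.113.x (the documentation range) stands in for ordinary customers.

```python
"""Credential-stuffing detector over authentication log lines.

Added example, not part of the forum thread or SlotsMillion's systems. It scores
the signals the Jira ticket describes: a burst of failed logins in a short window,
each username tried only a few times, a few source IPs each cycling through many
usernames, and successes from those same IPs. Everything below is constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log, one line per attempt: "<UTC timestamp> <ip> <username> <OK|FAIL>".
# 177.142.x.x / 85.238.x.x are addresses from the ticket's list; 203.0.113.x (the
# documentation range) stands in for ordinary customers. Usernames are invented.
SAMPLE_LOG = """\
2017-06-26T18:02:11Z 203.0.113.10 regular_alice OK
2017-06-26T20:30:02Z 177.142.205.198 stuffed_u01 FAIL
2017-06-26T20:30:03Z 177.142.205.198 stuffed_u02 FAIL
2017-06-26T20:30:03Z 177.142.113.78 stuffed_u03 FAIL
2017-06-26T20:30:04Z 177.142.113.78 stuffed_u04 FAIL
2017-06-26T20:30:05Z 85.238.102.93 stuffed_u05 FAIL
2017-06-26T20:30:06Z 85.238.102.93 stuffed_u06 FAIL
2017-06-26T20:30:07Z 177.142.205.198 stuffed_u07 OK
2017-06-26T20:30:08Z 177.142.113.78 stuffed_u08 FAIL
2017-06-26T20:30:09Z 177.142.113.78 stuffed_u09 FAIL
2017-06-26T20:30:10Z 85.238.102.93 stuffed_u10 FAIL
2017-06-26T20:30:11Z 85.238.102.93 stuffed_u11 FAIL
2017-06-26T20:30:12Z 177.142.205.198 stuffed_u12 FAIL
2017-06-26T20:30:13Z 177.142.205.198 stuffed_u01 FAIL
2017-06-26T20:30:14Z 177.142.113.78 stuffed_u13 OK
2017-06-26T20:30:15Z 177.142.205.198 stuffed_u14 FAIL
2017-06-26T20:30:16Z 177.142.205.198 stuffed_u15 FAIL
2017-06-26T20:30:17Z 177.142.113.78 stuffed_u16 FAIL
2017-06-26T20:30:18Z 177.142.113.78 stuffed_u17 FAIL
2017-06-26T20:30:19Z 85.238.102.93 stuffed_u18 FAIL
2017-06-26T20:30:20Z 85.238.102.93 stuffed_u19 FAIL
2017-06-26T20:30:21Z 177.142.205.198 stuffed_u20 FAIL
2017-06-26T20:30:22Z 177.142.113.78 stuffed_u21 FAIL
2017-06-26T20:30:23Z 85.238.102.93 stuffed_u22 FAIL
2017-06-26T20:30:24Z 85.238.102.93 stuffed_u23 FAIL
2017-06-26T20:31:40Z 203.0.113.22 regular_bob FAIL
2017-06-26T20:31:55Z 203.0.113.22 regular_bob OK
2017-06-26T21:10:00Z 203.0.113.10 regular_alice OK
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, username, result) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events


def bucket_by_window(events, window_minutes=15):
    """Group events into fixed windows (window_minutes must divide 60)."""
    buckets = defaultdict(list)
    for ev in events:
        ts = ev[0]
        start = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0, microsecond=0)
        buckets[start].append(ev)
    return buckets


def analyse_window(events, max_per_user=4, min_users=20, min_fail_ratio=0.8, min_users_per_ip=5):
    """Score one window. Thresholds are illustrative; tune them to real traffic volumes."""
    per_user = Counter(user for _, _, user, _ in events)
    users_per_ip = defaultdict(set)
    for _, ip, user, _ in events:
        users_per_ip[ip].add(user)
    fail_ratio = sum(r == "FAIL" for *_, r in events) / len(events)
    # Share of usernames tried at most max_per_user times (the ticket saw "never more than 4").
    low_reuse = sum(c <= max_per_user for c in per_user.values()) / len(per_user)
    # One address cycling through many usernames is a bot, not a customer retyping a password.
    attacker_ips = sorted(ip for ip, users in users_per_ip.items() if len(users) >= min_users_per_ip)
    # Successes from attacker addresses are the accounts to lock and force a password reset on.
    compromised = sorted({u for _, ip, u, r in events if r == "OK" and ip in attacker_ips})
    flagged = (len(per_user) >= min_users and low_reuse >= 0.95
               and fail_ratio >= min_fail_ratio and bool(attacker_ips))
    return {"attempts": len(events), "distinct_users": len(per_user), "fail_ratio": fail_ratio,
            "low_reuse_share": low_reuse, "attacker_ips": attacker_ips,
            "compromised_accounts": compromised, "flagged": flagged}


def detect_credential_stuffing(text, window_minutes=15, **thresholds):
    """Return a report for every window that looks like a credential-stuffing run."""
    flagged = []
    for start, evs in sorted(bucket_by_window(parse_log(text), window_minutes).items()):
        report = analyse_window(evs, **thresholds)
        if report["flagged"]:
            report["window_start"] = start.isoformat()
            flagged.append(report)
    return flagged


if __name__ == "__main__":
    for report in detect_credential_stuffing(SAMPLE_LOG):
        print(report["window_start"], report["attempts"], "attempts,",
              f"{report['fail_ratio']:.0%} failed; attacker IPs:", report["attacker_ips"],
              "compromised:", report["compromised_accounts"])
```

Only the 20:30 window is flagged: 26 attempts across 24 usernames, none tried more than twice, 88% failed, three addresses each cycling through seven or more usernames, and two "successful" logins from those addresses, which is the list an operator would pass to a forced password reset. The customer at 203.0.113.22 who mistyped once and then logged in does not trip the per-IP test because that address only ever touched one username.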
 

Casinomeister

Forum Cheermeister
Staff member
Joined
Jun 30, 1998
Location
Bierland
I have checked out some of the usernames - searched them on Google and they are not coming up, so I suspect, like Alex, that it's a casino database (many forum members use other usernames than what they use in the fora).

You need to make sure that you use strong passwords - always.
 

spintee

Ueber Meister
webby
mm2
Joined
Mar 21, 2012
Location
Northants
Fantastic to let us know this stuff. At least players have advance access to change passwords or keep a closer lookout.

You will not find many casinos that state the true facts as you have.

I mean, this is nothing new; it happens as a daily routine, but for you to let players know is good stuff from my point of view.

I really do not know how it's all done, but I did take about 6 months out once, and a lot of that was to work with my old man on the servers at some big companies, but the computer stuff started to mess with my brain so I stuck with a bit of coding.

Fair play, and I will still sign up once the U.K. gets the all clear.
 

colinsunderland

Experienced Member
webmeister
MM
Joined
Jan 28, 2016
Location
uk
Well done to slotsmillion for making people aware of this :thumbsup:

It's extremely concerning that no casino has sent an email out about a data breach. Possibly you could contact the customers whose accounts you can identify and narrow the offending casino down by asking what casinos they all have accounts at; if only one or two appear on every list then it might give clues as to who it is.
 

lana.k

Banned User
Joined
Dec 29, 2012
Location
bavaria
There is no need to use a fresh database dump for this kind of attack. There are millions of username/email/password combinations available out there. Someone told me that the gamigo database dump is still a fantastic resource for this kind of stuff. Run a little script that checks for existing usernames and then username/password login. With PHP and curl I could code such a script in 5 minutes. To avoid such attacks simply don't allow username parsing and finally use captcha-on-login!

Besides that, I do know that a big German roulette forum database is currently circulating.
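The two mitigations named in the post above, refusing to reveal whether a username exists and gating login behind a CAPTCHA once an address behaves like a script, can be combined in the login front-end itself. The following is an added Python example, not SlotsMillion's code or anything from the thread. The `LoginGuard` class, its thresholds and the PBKDF2 hashing setup are assumptions made for the example; the addresses used in the usage block are the documentation range 203.0.113.0/24 and one address from the ticket's list.

```python
"""Login front-end that resists username enumeration and credential stuffing.

Added example, not SlotsMillion's or the forum's code. Two defences from the
thread are combined: identical responses (message and hashing cost) for unknown
and known usernames, and a per-IP gate that demands a CAPTCHA once an address has
tried more than a few distinct usernames within a window.
"""
import hashlib
import hmac
import os
from collections import defaultdict, deque

PBKDF2_ITERATIONS = 50_000  # low so the example runs quickly; use far more in production
GENERIC_FAILURE = "Invalid username or password"  # same text whether or not the user exists


class LoginGuard:
    def __init__(self, max_distinct_users_per_ip=5, window_seconds=900):
        self.max_distinct = max_distinct_users_per_ip
        self.window = window_seconds
        self.users = {}                    # username -> (salt, pbkdf2 hash)
        self.history = defaultdict(deque)  # ip -> deque of (timestamp, username)
        # Dummy credential verified for unknown usernames, so an attacker cannot
        # tell "no such user" from "wrong password" by response time or text.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = self._hash("placeholder-never-matches", self._dummy_salt)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt))

    def _verify(self, username, password):
        # Unknown users cost the same hashing work as known ones.
        salt, expected = self.users.get(username, (self._dummy_salt, self._dummy_hash))
        matches = hmac.compare_digest(self._hash(password, salt), expected)
        return matches and username in self.users  # the dummy never grants access

    def _distinct_users_seen(self, ip, now):
        hist = self.history[ip]
        while hist and hist[0][0] <= now - self.window:  # drop attempts outside the window
            hist.popleft()
        return {user for _, user in hist}

    def login(self, username, password, ip, now, captcha_ok=False):
        """Return a dict with status 'ok', 'denied' or 'captcha_required'."""
        # The gate depends only on the caller's own history, never on whether the
        # username exists, so short-circuiting here leaks nothing about accounts.
        seen = self._distinct_users_seen(ip, now)
        if not captcha_ok and len(seen | {username}) > self.max_distinct:
            return {"status": "captcha_required", "message": "Please complete the CAPTCHA"}
        self.history[ip].append((now, username))
        if self._verify(username, password):
            return {"status": "ok", "message": "Welcome"}
        return {"status": "denied", "message": GENERIC_FAILURE}


if __name__ == "__main__":
    guard = LoginGuard(max_distinct_users_per_ip=3)
    guard.register("alice", "correct horse battery")
    # A customer who mistypes once gets the same reply as a probe for a non-existent user.
    print(guard.login("alice", "wrong", "203.0.113.5", now=1.0))
    print(guard.login("nobody", "wrong", "203.0.113.5", now=2.0))
    # A script cycling through usernames from one address hits the CAPTCHA gate.
    for i, name in enumerate(["u1", "u2", "u3", "u4"]):
        print(name, guard.login(name, "x", "177.142.205.198", now=10.0 + i)["status"])
```

The gate counts distinct usernames per source address rather than raw attempts, so a customer retrying their own password is never challenged while a script walking a leaked list is stopped after a few names. Pair this with the server-side monitoring from earlier in the thread: the gate slows the run, the log analysis tells you which accounts it reached.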
 

Alexandre

Official Rep for Slotsmillion and Ladylucks
Joined
Jan 17, 2006
Location
Barcelona, Spain
Suspicious login attempt prevented

Hi guys,

Here is the email we sent to our customers that were affected by the issue.

On Tuesday the 27th of June around 8pm GMT, our system detected more than 7,000 fraudulent login attempts to SlotsMillion issuing mainly from Brazilian and Ukrainian IPs.

The reason you are receiving this email is because one of the accounts targeted was yours: #PLAYER_USERNAME#.
The connection to your account was prevented successfully and your SlotsMillion data is safe.

However, from the way these login attempts were made, we believe your data on other casinos could be compromised.

Those 7,000 login attempts were made with realistic usernames, of which about 300 corresponded to existing SlotsMillion customers.
For all those login attempts, only a few passwords were tried: it was not a case of massive "blind" brute force, consisting of trying millions of password combinations.
It seems clear to us that the person who tried those logins had an accurate list of the usernames and passwords of casino players; otherwise the percentage of real accounts reached wouldn't be so high.

Such a list could have been acquired by a data breach of one of the websites you're using frequently, or some phishing software that might be installed on your computer. We suspect that the person behind those attempts keeps trying this same list of usernames and passwords on several casinos until they can gain access. On SlotsMillion, 15 accounts have been compromised.

What can be done about it?
We cannot tell you which password is compromised, since it's encrypted in our system. Knowing this could help you to determine from which place it has been stolen, but unfortunately we do not have access to this information.
Since the login attempt failed on your account, all we can tell you is that your SlotsMillion password is safe.
- We suggest you run a full virus scan of your computer to clear it of any malware that may be installed.
- We also strongly suggest you change your password on the most data-critical websites you are using and use different passwords if you are not doing so already. Don't forget that your mailbox(es) are perhaps the most critical, since whoever has access to your mailbox can change your password on most of the websites you registered with.

Do not hesitate to contact our customer support if you have any doubts or questions.

Your SlotsMillion Team