1. By continuing to use the site, you agree to the use of cookies .This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the cookie policy.Find out more.
    Dismiss Notice
  2. Follow Casinomeister on Twitter | Facebook | YouTube | Casinomeister.us US Residents Click here! |  Svenska Svenska | 
Dismiss Notice
REGISTER NOW!! Why? Because you can't do diddly squat without having been registered!

At the moment you have limited access to view most discussions: you can't make contact with thousands of fellow players, affiliates, casino reps, and all sorts of other riff-raff.

Registration is fast, simple and absolutely free so please, join Casinomeister here!

Player Database Compromised

Discussion in 'Online Casinos' started by sirius, Apr 25, 2005.

    Apr 25, 2005
  1. sirius

    sirius Senior Member

    Location:
    UK
    I was alarmed at something Jerry Garner wrote about a player database being circulated which included credit card info, account usernames and passwords. Although Jerry didn't spell out the casino in full, there was only one possible match fitting his description and I think players should be aware of it. I did try contacting the casino yesterday but haven't received a response yet.

    Post number 16 here: You must register/login in order to see the link.

    You must register/login in order to see the link.

    This rumour has coincided with the departure of their Chief Operation Officer, Michael Maerz, last week.
     
  2. Apr 25, 2005
  3. jetset

    jetset Ueber Meister CAG

    Occupation:
    Senior Partner, InfoPowa News Service
    Location:
    Earth
    This is a very serious allegation to make against any Internet company, although I accept that if something untoward has happened, the players need to be warned timeously.

    I think that having raised this issue, Garner needs to communicate his source/s to the casino so that they can track the perpetrator down, halt any further compromise and take action to warn their players.

    I have also asked for a comment from Intertops management.
     
  4. Apr 25, 2005
  5. Casinomeister

    Casinomeister Forum Cheermeister Staff Member

    Occupation:
    Homemaker
    Location:
    Bierland
    Geeze, if you have something meaningful to add to the forum, please don't do it by slapping links to other people's message boards to include your own. We've been through this before. How would it look if I came to your forum and did the same? It's forum etiquette that I'm concerned with and this is something most webmasters abide by.

    Please post a synopsis instead. Thank you.

    That said, I don't buy it. Allegations of thievery without anything to back it up leans on the side of sensationalism for the sake of being sensational.
     
  6. Apr 25, 2005
  7. sirius

    sirius Senior Member

    Location:
    UK
    I don't think Jerry would make it up. I think people need to be warned about this so they can at least change their passwords.
     
  8. Apr 25, 2005
  9. Casinomeister

    Casinomeister Forum Cheermeister Staff Member

    Occupation:
    Homemaker
    Location:
    Bierland
    Yeah, but I don't see it quite that way. Sure letting players know they need to be proactive in protecting their accounts (don't use the same password, etc.) is a good thing, but this is rumor mongering which can be potentially dangerous. Here we have a poster in another forum who heard something from someone else, and it's spilled over here entitled "Potential big problem at Intertops?" Now I'm obliged to contact the casino management to let them know a rumor has appeared in Casinomeister' forum. What the hell?

    A more responsible and reasonable approach would be to list the ways in which players need to protect themselves. If you're going to drag casino names in (I don't care if it's Slots Alley or Trident's Lounge), bring in the facts as well. Google spiders these threads, and weeks or months into the future, players or affliates will be searching for "Intertops" and threads like this will appear.

    For it to be a "red herring" is a disservice for everyone.
     
  10. Apr 25, 2005
  11. dominique

    dominique Dormant account

    Occupation:
    webmistress
    Location:
    The Boonies
    That is true. These things sometimes hang in the top results of the search engines for a long time.
     
  12. Apr 26, 2005
  13. jerryg

    jerryg Dormant account

    1. I have not seen this database first hand, so can not say with absolute certainty. That is why all I did was relay the details of the conversation and to say that person x said this. Although, I know this guy would have no reason to come up with this particular casino name out of the blue, so who knows.

    2. I do not know that it contains any credit card information. I was told it contains, name, mailing address, phone number, user name and password. I have no idea of anything to do with credit card numbers.

    3. Those who say I should contact Intertops are misinformed, or at least do not have the information they should. Having any direct communications with Intertops would be a conflict of interest that could cause me to lose a very important project, and I'm simply not willing to risk that over a database I have not even seen myself, was only told about. I had previously told Sirius that if he would like to contact Intertops and liason between the two of us, that I would do everything I could to help them out.


    B ~ I understand that you are "obligated" to notify intertops that there is a rumor on your message board about them. Would you not also be equally "obligated" to also check into the source of the rumor to see if there is any validity to it?

    I mean, if you left it unchecked without notifying the casino, and things got out of control, that would be bad, so of course you want to notify them. But if you just blindly dismiss it as rumor, and someone suffers finanically as a result, where does that leave you sitting?

    It is perfectly fine to say you don't believe something, but if you are going to automatically label something as a "red herring" or a "rumor", then please at least take a moment to look into it before coming to that conclusion. As it stands, these items are mere assumption, and I think you know it is never a good idea to proceed based on assumption.

    Having said all of that, I have asked this person to send me a copy of the database, along with the original correspondence from the person who sent it to them. If Intertops is interested in this, then they can work through Sirius to let me know how to get the information submitted to them. If they are not interested in this, then I see no reason why I should be either.

    In closing, let me just state once more that I have never seen this "database" myself, so ultimately, I cannot say one way or another. All I can say with absolute certainty is that someone told me they had received a copy.
     
  14. Apr 26, 2005
  15. Casinomeister

    Casinomeister Forum Cheermeister Staff Member

    Occupation:
    Homemaker
    Location:
    Bierland
    Well, it's still a little foggy to me :D You're saying some guy told you that another guy left Intertops and took the database and has put it on the market? But you don't want to get involved because you have a business deal with them? Sure, even though there is not much first hand here - I agree it's a legitimate concern.

    But in the same breath, it's still not concrete enough NOT to be a rumor. It's hearsay, eh?

    Where's the beef? We need some meat :D

    This is merely a pre-emptive strike to prevent a thread to spin out of control with one sided accusations - not saying there are any here, but I'm just nipping this in the bud before a possible downward spiral.

    And I'm not sure how Intertops will want to approach this if at all.
     
  16. Apr 26, 2005
  17. mary

    mary Dormant account

    Intertops shmintertops, it's still good advice to folks:

    *Change your passwords from time to time, people.
    *Never use the same password on a casino (or anywhere) that you use for important things, like logging into your own computer or your Paypal account.
    *Never use these words as passwords:

    sex
    drugs
    god
    money
    jesus
    death
    rocknroll
    $$$$$$

    *avoid words found in the dictionary or someone's given name
     
  18. Apr 27, 2005
  19. jerryg

    jerryg Dormant account

    I understand. Just to clarify 2 points though:

    1. The guy never said that it came from someone who use to work from Intertops. Only that it came from "some guy offshore".

    2. No, I have no business deal with Intertops. However, I do have a project in the formation stage with a company who had a previous relationship with their company. I am not sure how my being in communication with Intertops would be perceived by this company, regardless of the nature of the communication. It may not be a problem in a case like this, but would prefer to not risk it.

    Where's the beef, eh? Pretty funny. After all this time, when I hear that phrase, I always think of those little old ladies from the Wendys commercials back in the 80s. lol.

    How does this sit with you? Do these look like the data fields that would be contained in a real casino database:

    IdPlayer
    IdLineType
    IdOffice
    IdAgent
    IdCurrency
    IdGrouping
    IdSource
    IdProfile
    IdPlayerRate
    IdBook

    Player
    Password
    Name
    LastName
    Title
    Address1
    Address2
    City
    State
    Country
    Zip
    Phone
    Fax
    Email

    Status
    AutoPay
    BalanceChecked
    CreditLimit
    NoLimit
    TempCredit
    SoftLimitPercent
    TempCreditExpire
    OnlineAccess
    OnlinePassword
    OnlineMessage
    OnlineMaxWager
    OnlineMinWager
    MaxWager
    MinWager

    CapPerGame
    ChartPercent
    MasterChart
    Master
    FlagMessage
    IdFlagMessageType
    MaxActionPoints
    BonusPointsStatus
    BonusPointsExpire
    BonusPointsStart
    LineStyle
    NHLLine
    MLBLine
    PitcherDefault
    DuplicatedBets
    DuplicatedBetsOnline
    FreePlayAmount
    FreePlayMessage
    ScheduleFB
    ScheduleBB
    ScheduleHK
    ScheduleBS
    SettledFigure
    ShowInTicker
    EPOSPlayer
    EnableHorsesOnline
    EnableCasino
    LastModificationUser
    emailverify

    IdPlayer
    CurrentBalance
    AmountAtRisk
    AvailBalance
    BonusPoints
    YTDWin
    YTDLose
    LifeTimeWin
    LifeTimeLose
    ThisWeek
    LastWeek
    LastCall
    AccountOpened
    LastWager
    LastGrade
    LastModification
    LastModificationUser

    How's that for beef? Hopefully it's a heathy portion, because I cannot hand over anything more than that without compromising someone's data.

    No worries. I understand how things go on the message boards. Better to be safe than sorry.

    Anyway, whether or not this is a real casino database is not in question at all, well, at least say sportsbook database. Whether or not it belongs to Intertops remains to be seen. I can say for certain that it is a database, but can not say for certain what site it belongs to.

    I have sent Sirius some notes to pass on to Intertops should they wish to investigate further to determine if this database is their property. If it is a matter they do not wish to investigate, then I will delete the file, as well as make sure that the other guy does the same.

    Ultimately, the best that can be said here is that if it is found to be their's, the best that can be done is for them to notify players that their password needs to be changed, or maybe even have the system reset all passwords so that everyone has to request a new one.

    Having the ability to track down the perpetrator (sp?) is impossible based on what I have. He no longer had the original email and could only tell me it came from someone at winning.com. I thought maybe that would turn out to be a portal owner or something, but there was no site there. It turns out to be part of the free email service offered by mail.com, so it's about like him saying it got sent to him by someone on hotmail.
     
    Last edited: Apr 27, 2005
  20. Apr 27, 2005
  21. jetset

    jetset Ueber Meister CAG

    Occupation:
    Senior Partner, InfoPowa News Service
    Location:
    Earth
    Bryan, in fairness to the above poster I believe it was Sirius (see post number 1 in this thread) who mentioned the departing Intertops official, not him.
     
  22. Apr 27, 2005
  23. sirius

    sirius Senior Member

    Location:
    UK
    I would just like clarify this a bit. The change in COO is just something I found doing some research into Intertops. Jerry was contacted about the database at about the same time as this but I wasn't implying it was this executive guy sending the database out.

    Jerry has just received the database in the last day or so after asking his contact for it and it seems certain that it is at least the database of some sportsbook. It actually contains closer to 20,000 entries, although many are duplicates and probably not as many as 17,000 distinct accounts. You may remember a similar incident when Bring Me Luck's database was published online. I can confirm that it isn't that database because that one contained far fewer fields and also included Credit Card details.

    I wasn't correct about there being credit card details in the alleged 'Intertops' database, although it may be possible to access those funds if someone had access to your account. A problem at Intertops is that the password cannot be changed in the sportsbook (some people are reporting this).
     
  24. Apr 27, 2005
  25. jerryg

    jerryg Dormant account

    I just wanted to send a quick opinion on the subject of the COO, for whatever it is worth.

    Assuming that the database turns out to be the property of Intertops, I doubt very much that he would have been the one to send it out. Whoever is sending this out did it for free, so they had no financial motivation. The only thing I can think of is that it is someone who wants to harm the company to some level.

    Maybe my thinking here is off, but I would assume that an executive leaving his position would retain some level of stock ownership (or at least options) in the company. If so, then they would have every reason to want to see the company succeed, even if they are no longer directly involved. Because of this, it is hard for me to imagine any executive acting in this manner.

    I think the timing is pure coincidence.
     
  26. Apr 27, 2005
  27. jetset

    jetset Ueber Meister CAG

    Occupation:
    Senior Partner, InfoPowa News Service
    Location:
    Earth
    As was observed by people like Mary and Greedy Girl in the wake of the recent GFED disaster, this yet again underlines the critical importance of protecting the database.

    If this is the Intertops database, then I'm sure the management there is already monitoring this and other threads and will consequently be reviewing their security arrangements...and hopefully investigating who took it.

    One would also hope that they are taking urgent measures to advise their customers and recommend precautions.
     
  28. Apr 27, 2005
  29. Casinomeister

    Casinomeister Forum Cheermeister Staff Member

    Occupation:
    Homemaker
    Location:
    Bierland
    I've spoken with an Intertops representative over the phone, and he stated that after reviewing the information posted here they are unable to confirm that this is their database. They take all player security issues in earnest, and they will be contacting Sirius to get to the bottom of this. Sirius should be expecting an email.
     
  30. Apr 27, 2005
  31. jerryg

    jerryg Dormant account

    I can't say either way, but I'm suspecting that it does not belong to that particular operation. The only reason it was ever even thought to be theirs is because that's what the guy sending it out had said, but in looking at how account numbers are structured, I suspect this belongs to a different sportsbook. Still too early to say. Trying to get some more information.
     
  32. Apr 27, 2005
  33. sirius

    sirius Senior Member

    Location:
    UK
    I have been given a small sample of account numbers, names and cities and it looks like these accounts belong to another sportsbook group and not Intertops. I'm not certain yet, although I've given Intertops the details and should receive a reply soon.
     
  34. Apr 27, 2005
  35. sirius

    sirius Senior Member

    Location:
    UK
    I am in contact with the new group I suspect it belongs to and will reveal more details soon when I get verification.
     
  36. Apr 27, 2005
  37. sirius

    sirius Senior Member

    Location:
    UK
    I haven't been able to verify with the group yet but I'm almost 100% certain that these accounts in the database come from another big sportsbook group, Global Sports Corporation Entertainment Group, headquartered in the Isle of Man.

    The sites include: 7Palms, Betzone, Betmaker, GoldMedalSports and Bookmaker. They also have add-on casinos.

    It's advisable to change your passwords if you have accounts at any of these sites. They are well rated in some places.

    Having a sample of the account numbers helped identify the group but it was thanks to a bit of inspiration from Jerry that I could identify the group. The account number sample I was given from the database start with these letters: BK,BM,GM and VP. I have verified that Bookmaker.com accounts start with BK and betmaker.com accounts with BM.

    I'm sorry for jumping the gun on this but at least I've got to the bottom of it now. I will try and update the first post on this thread to make it clear that the leaked database was not the Intertops database afterall.
     
  38. Apr 27, 2005
  39. jerryg

    jerryg Dormant account

    Thanks for all of your help with this one Sirius. You've been worth your weight in gold with handling all of the communications.

    Glad to see that Intertops has nothing to worry about, and am happy that it seems we have at least nailed down what company's property the database is.

    Just let me know if they would like a copy for their own investigation, and I will send it out as soon as I receive the email or ftp instructions for sending it. Conversely, please let me know if they say that is not necessary, and I will clear it off my system immediately.
     

Share This Page