PlayMillion - Data Breach in E-Mail

Discussion in 'Online Casinos' started by Nicola, Nov 12, 2014.

    Nov 12, 2014
  1. Nicola

    Nicola Casino Affiliate MM mm1 webmeister

    Occupation:
    Web Developer
    Location:
    Green Park, London
    Had an e-mail come through from PlayMillion a short while ago which was in Polish with a MS Word attachment. After translating it to English I discovered this was meant for someone else as it contained a gentleman's name, e-mail, telephone, address and credit card numbers who had deposited several large amounts earlier today.

    I have played at PlayMillion but have not logged in or deposited for a while.

    No response on their phone number or by e-mail yet.

     
  2. Nov 13, 2014
  3. Nicola

    Nicola Casino Affiliate MM mm1 webmeister

    Occupation:
    Web Developer
    Location:
    Green Park, London
    Update:

    --

    Thank you for bringing this to our attention.

    Please accept our sincere apologies and note that this has been escalated to management.

    Kind Regards,

    Laura

    Playmillion.co.uk Customer Support
     
  4. Nov 13, 2014
  5. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    Maybe I'm just paranoid, but that kind of thing wouldn't make me feel too safe with them having MY credit card and other personal info. :mad:
     
  6. Nov 13, 2014
  7. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom
    This is probably going to be a cover up. You would be better off informing the Information Commissioner's Office so that there is at least a record of this having happened. It may have happened to others, and at different times, but by isolating the cases and sending an apology and/or "please keep quiet" email there is little incentive for them to really get to the bottom of how this happened, and make the changes necessary to prevent it in future.

    This is the result of not processing the other player's personal data in accordance with the rules. Lots of companies do it, and lots of companies brush the more minor issues under the carpet. They then get caught out when a long standing unpatched vulnerability is attacked by someone who REALLY knows what they are doing, and out pop several million data records.
     
  8. Nov 13, 2014
  9. dunover

    dunover Unofficial T&C's Editor Staff Member CAG PABnononaccred PABnonaccred PABinit mm3 webmeister

    Occupation:
    International Money Launderer
    Location:
    the bus shelter, opposite GCHQ Benhall
    If this site is UK licensed (which I doubt but may be wrong) then just this ONE offence would get them seriously fined in all likelihood. Banks which do this i.e. leave sensitive info in bin-bags etc. start counting fines in the tens of thousands. I agree that this SHOULD be reported Nicola; there by the grace of God goes YOUR info.....:mad:
     
  10. Nov 13, 2014
  11. Nicola

    Nicola Casino Affiliate MM mm1 webmeister

    Occupation:
    Web Developer
    Location:
    Green Park, London
    Final Update:

    --

    I am writing to you regarding the mistake made.

    We hope that you accept our sincere apologies for this honest mistake which was clearly a human error.

    This case is now under internal investigation and we can confirm that appropriate measures are being taken.

    Thank you again for bringing this to our attention and we can assure you that this will never happen again.

    If you have any further questions, do not hesitate to contact us.

    Best regards,

    Stefani

    Playmillion.co.uk Customer Support Supervisor.
     
  12. Nov 13, 2014
  13. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom
    There's your "please don't grass to the ICO" email;)

    The problem is, how can you alone police the "internal investigation" and measures taken to ensure it doesn't happen again?

    This could even be a standard template email to brush the issue under the rug, and the "investigation" and "measures" might be no more than a "don't let it happen again" slap on the wrist. This would do little to put systems in place to guard against a future "human error", and if they had been taking this seriously to start with, a system would ALREADY have been in place to catch this type of error before the email left their systems. A simple data check to validate the "to" field, the ticket number, and the account being dealt with should have spotted that the email address didn't match the account reference nor ticket.

    When such a problem has happened in the past, it has been blamed on the incorrect use of a database which has caused data beyond a certain point to shift up or down a row, resulting in the values after the error all being associated with the player account above or below, rather than the correct one.

    If this is "human error", it probably means that this database was manipulated manually, and an error was made in either adding or deleting a row, and this resulted in data shifting to where it shouldn't. There was then no software based integrity check when this data was used to process personal information, which in this case was emailing the answer to a query. Simply saying "be more careful when you edit that dataset in future" isn't going to make much difference as I expect the staff were already being as careful as they could within the time and pressure constraints of their task.
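
The pre-send check described in the post above, as an added example that is not part of the original thread and not PlayMillion's code. The account and ticket records, their IDs and the function names are hypothetical, and attachment text is assumed to have been extracted into `body` upstream; the card-number scan goes slightly beyond the to/ticket/account match the post describes.

```python
import re

# Constructed sample data; the schema and IDs are hypothetical.
ACCOUNTS = {"A1001": "jan.k@example.org", "A1002": "nicola@example.com"}
TICKETS = {"T-501": "A1001"}  # ticket id -> account that opened it

PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate card numbers

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_card_number(text):
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            return True
    return False

def presend_check(to_addr, ticket_id, account_id, body):
    """Return reasons to hold the message; an empty list means release."""
    reasons = []
    owner = TICKETS.get(ticket_id)
    if owner is None:
        reasons.append("unknown ticket")
    elif owner != account_id:
        reasons.append("ticket does not belong to account")
    # Look the address up by account key, never by row position.
    registered = ACCOUNTS.get(account_id)
    if registered is None or registered.lower() != to_addr.strip().lower():
        reasons.append("recipient is not the account's registered address")
    if contains_card_number(body):
        reasons.append("body contains a card number")
    return reasons

if __name__ == "__main__":
    # The thread's scenario: another player's reply sent to the wrong address.
    print(presend_check("nicola@example.com", "T-501", "A1001",
                        "Deposits today on card 4111 1111 1111 1111"))
```

A message that returns any reason is held for manual review instead of being sent, so a shifted row or a mistyped address is caught before the data leaves the mail system.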
     
