According to the news published on Russian RBC website, personal information of clients of the Pin-Up.bet platform was hacked. A database of nearly 10 million betting and online casino accounts Pin-Up.bet has been put up for sale on the darknet. Most of the data is related to Russia, and experts call them very sensitive.
BI.ZONE, a subsidiary of Russian Sberbank informed it found information about the sale of a database of users of the Pin-Up.bet betting platform on a darknet forum. More than 9.975 million people became victims of the leak, with more than 7.8 million accounts registered in Russia, another 1.3 million – in the UK, 600 thousand – in Turkey, the rest – in Brazil, the USA, Germany, and Azerbaijan.
The owner of the base is ready to sell it for $ 10 thousand, payment is accepted in cryptocurrency. For this money, he promises to provide the buyer with data on users’ e-mail, date of birth, phone number, financial information, address, gender, favorite game, etc.
According to Evgeny Voloshin, expert services director at BI.ZONE, the database being sold is up-to-date at the end of 2020. To prevent possible consequences, he recommends that users change their passwords and set up two-factor authentication, if possible.
The fact of the leak was also confirmed to Russian publication RosBussinesConsulting (RBC) by the head of the research group for public leaks of Group-IB Oleg Dyorov and the founder of the DLBI data leak analysis service Ashot Hovhannisyan.
Pin-Up.bet is online sports betting and online casino. In Russia, online casinos are prohibited, and the international version of the site is blocked by the decision of the Federal Tax Service, but its mirrors are available to users. In addition, the site Pin-Up.ru operates in Russia, which accepts only sports bets, without providing an opportunity to play in an online casino. Moreover, the owner of the pin-up.ru domain name, William Hill LLC, is listed in the register of gambling organizations in bookmakers or sweepstakes of the Federal Tax Service.
“Pin-Up.bet is our partner, but we have no direct relation to this company,” a consultant of Pin-Up.ru said in response to a request from RBC. – The difference is that Pin-Up.ru is a licensed betting company, we work in accordance with Russian law, we only offer bets on sports events. He also noted that they have no information on Pin-Up.bet.
“Cases, when data from betting platforms are leaked to the network, are quite rare. I would say that this is a large drain. Most likely, the server was hacked. They could have leaked through some kind of vulnerability like SQLi (one of the most common ways to hack websites and programs that work with databases),” Oganesyan notes. At the same time, he doubts that someone will buy the base for the price indicated by the seller, calling it too high.