Optimal Payments User Info Possibly Compromised From Old Attack
10 November 2015
Forbes has released a big investigative article that goes into a lot of detail about the attacks against Moneybookers (now Skrill) and Neteller that happened between 2009 and 2010. Those hacks were thought to be fairly harmless at first, but it's come to light that millions of individuals had their data stolen in the breach. This includes password hints for Neteller along with telephone numbers, emails, addresses, birth dates and other information for both.
Implications of the Attack
At the time of the attack, Neteller was still one of the largest names in the online gambling world, dominating everything from casino games to online poker. Skrill didn't have its new name yet, but it was still widely used to transfer funds for various forms of gambling on the Internet. When you consider the fact that a lot of people still use the same log-in credentials as they did then, and when you consider that two databases from the attacks were releases between 2011 and 2012 (with information that's been independently verified), it could turn into a problem.
In October, Optimal Payments was given advance notice by the author of the Forbes piece, and this led to them confirming that both brands, now under the same ownership, were subject to those attacks. Moneybookers was attacked in 2009, and Neteller was attacked in 2010. It's important to note that these breaches weren't really talked about with users at the time because it wasn't thought that any serious data was compromised.
What Happened and Moving Forward
According to Optimal Payments, the breach for Neteller came after a server used for marketing was attacked through vulnerabilities in the content management system they were using. This was not the "meat and potatoes" of their operation, as executives at Optimal have pointed out. However, tons of slots and table games players now have their old usernames and passwords out there for the whole world to see if you know where to look.
For this reason, and as a general declaration for promoting privacy and safety when playing online, we suggest that all players routinely change up their passwords to help keep their personal information and financial details safe.