We talked earlier about the possibility of cheating the casino, about how Alex picked up the algorithms from the Aristocrat slot. But I didn't expect this. BetVictor Casino, which, by the way, is licensed in Gibraltar and the UK, inadvertently published its administrative passwords on its website, which could open access to player data. It would be a gift to any dishonest user.
There was a terrible mistake that could have led to serious consequences if the information fell into the wrong hands. A two-page document containing logins, passwords to enter the casino system, and even links to pages where you had to enter these data, were available to any site visitor.
Chris Hogben witnessed this error. On the home page of the site, he opened a support window where he selected the knowledge base. There, he found a file called “Logins / Links to Back Offices - Internal ” (Logins / Links to the back office - internal).
Chris immediately informed the operator about this, after which the casino began to act so that the documents became inaccessible to visitors. However, it is unknown if he was the first to discover these files.
It all happened just a few days ago - June 26. But how long these documents were in the public domain is unknown. It is possible that someone could be interested in such data, especially considering that fans of hacking something or getting something in a forbidden way are always spinning around the casino.
According to an eyewitness, the document was dated 2015. It contained logins and passwords that could be easily guessed. That is, if passwords and logins were active, then the security of the casino was a big question. Most systems could be entered, but Chris did not even try, as this would qualify as a violation of the law.
Chris Hogben himself writes about this on Medium and compares the case to when a person leaves the keys to the apartment under the rug. True. Just outrageous irresponsibility.
In the blog, he details how he got to the internal documents of the casino. Chris was looking for information and decided to look into the database instead of asking via chat or email. According to him, there was not a single article in the database, but there was a search box.
He typed in what he was looking for and instead found manuals for casino employees. One of the documents he provides screenshots shows manuals on how to deal with a player if they want to block their access to the casino. Below is a screenshot that Chris posted on Medium.
By the way, very interesting to read. Now we will give the translation of the text that is visible in the screenshot. The first paragraph is not complete, but it seems to say that when a player wants to block the casino, you tell him ...
"For example, "Is there a particular product you're having trouble with?" or "is there a specific reason you want to do this?".
Maybe the client is having a game freeze and is getting stressed out, or just had a bad game session, but we might , we can dissuade them.
We must be as proactive as possible, trying to solve any problem if we can.
If you have asked questions, but the client still insists on blocking casino games , then you tell them that you will pass this case on to a manager who will contact the clients in a few hours.
This will give the client time to cool down before he speaks to one of the Group Leaders about the blocking account. ”
p>
The position of this casino is clear. Of course, you always subconsciously realize that only a few casinos actually implement a policy that puts the interests of the players first. But when you read such manuals, it becomes unpleasant. To delay the process on purpose so that the player changes his mind is outrageous. By the way, certainly goes against the UKGC rules for responsible gaming.
But thanks to Chris and his important discovery, we now know as a fact that casinos (perhaps only some) have a dark policy towards players.
After Chris realized that these were internal documents, he began to dig deeper to determine the extent of the problem. As a result, he found that document with logins, passwords and links to the casino's internal systems. Below is a screenshot from Chris.
At the moment, BetVictor does not provide details of what happened. Therefore, there is no information about whether someone else used this data to enter their system, and whether there was a threat to the data of the players. The operator only says that they are investigating a case with a software supplier.
