[ad_1]
The post posted on the Raid Forums customer database exchange forum shows that 257 thousand. Customer data of Olybet or the former betting company Orakulo. Among them – e. insecure email addresses and passwords.
The data seems to be sold by other programmers than in the case of CityBee, because in the forum it is called by another name: “0x1A4” The programmer does not describe the circumstances in which this data fell into his hands.
“The data was not used, because until now nobody needed Lithuanian databases,” he writes. According to this, the CityBee scandal prompted him to make this data public.
One email sells a weakly encrypted mailing list and passwords for $ 100 worth of bitcoins and $ 1.5 thousand. USD bitcoins sell the entire dataset with more than 3,000. data tables. The programmers then specified that they only sell 5 copies of the full data set.
“I don’t know what’s inside, but it seems like everything that could have been protected by Oracle or OlyBet is probably there,” says IT security expert Artūras Orševskis.
The expert points out that 257 thousand. data hacker indicates 50 thousand decrypts, which sells. For those who have purchased the remaining data, the database is offered to be encrypted.
Although the owner of Olympic Casino Group Baltija assures that the company Orakulas was acquired in 2015, and since then the data has not been leaked, the programmers provide different information.
When other forum members started saying that the data posted was too old to be used, the programmers themselves clarified that it was 2015-2018. data.
“They were hacked many times in 2015-2018. Period. In one of the subdomains subdomain) was a security vulnerability that was only addressed in 2018. at the end when they changed the name to olives“He writes.”
Current customers may have been affected too
According to experts, it is still difficult to decide how old the data will be sold. According to A. Orševskis, there are currently suspicions that current Olybet customers may have been affected, but the data is currently being evaluated, making it difficult to answer.
“It seems that the entire database was once much older than the CityBee case, it may be more than 10 years ago. I cannot confirm this because I do not know if there is more recent data.
I hope there is no person in Lithuania who has not changed their password for 10 years, but everything can be (that current users may suffer – Delphi). However, here is only very preliminary data, if it really is that old data in the database.
You can see the email. email addresses with takas.lt, one.lt etc., which were once used in our society, although these may only be the first records in the database and we do not know if record 257 will not take place yesterday or the day before, ”says A. Orševskis.
In the case of CityBee it was 110 thousand, in this case almost 260 thousand. user data. “There are definitely more data leaks, there will probably be passwords that will be repeated. So far, just rumors that only old data has been leaked, the database is not that relevant,” he says.
Repeat Citybee history
At the time, cybersecurity expert Marius Pareščius says it repeats Citybee history.
“It just came to our notice then. For example, I look at the employee information, I look at all the information on the website, technically what I see is probably the ability to find out what a particular customer has bet on. .) Therefore, it can be said that current customers may also have been affected.
So far, I only see the names of the tables, I don’t see the data, but it could be that the filtered data is also painful this time, ”he evaluates looking at the tables.
The expert cannot yet answer how old this information is.
“Emails are also used today. Email addresses by name takas.lt, one.lt and etc. If the company name has changed, it does not mean that the database has also changed, ”says M. Pareščius.
The company says current customer data has not been affected
“What is published online is not our database, it is orakulas.lt a database that really has nothing to do with the current OlyBet database, “said Tomas Palevičius, CEO of the company.
It stated that Olympic Casino Group Baltija acquired Orakulas in 2015 and the data has not been leaked since then.
“As a company, we have had no data theft or leaks since the acquisition, so we affirm that our customers’ data is safe,” said Olympic Casino Group CEO Baltija.
Olympic Casino Group director Baltija says old customer data has been disclosed.
“It is difficult to say what the data is. The visible data is not ours, we can confirm it. You can see that the data is very old, I am even afraid to say in what year, because the emails themselves. The post offices are the they don’t exist, ”said T. Palevičius.
He also said that there was no reason to contact the police about the data breach so far, but that there were plans to request the use of the OlyBet brand to publish old customer data.
Rytis Rainys, head of the National Cyber Security Center, informed BNS that no incidents had been recorded with the Oracle database in the center’s incident management system.
It is strictly prohibited to use the information published by DELFI on other websites, in the media or elsewhere, or to distribute our material in any way without consent, and if consent has been obtained, it is necessary to indicate DELFI as the source. .
[ad_2]
