- Licence Checking
- Paddy Power Data Breach
- Betfair Customers Card Details Stolen
- Betvictor In Password Blunder
- William Hill Hit By DDoS Attack
- Dealing With Traffic
- Website Issues Remain Unavoidable
The rapid spread of online gambling has made placing our bets easier than ever, but greater convenience cannot come at the cost of reduced security. Nowadays with more and more online bookmakers storing your personal details as well as your hard-earned cash, it’s important to ensure you’ve signed up to somewhere that’s really going to keep you safe and secure. Bookmakers across the industry place a real emphasis on keeping their customers protected, but some do it much better than others.
As well as looking at sites that have suffered security problems in the past, we will also take time to focus on those which have experienced issues with downtime. Not being able to place your bets due to DDOS attacks or website bugs can be a real source of frustration for anyone wanting to place a bet, access their cash, or check how their bets are getting on. The advent of in-play gaming, plus the volatility of odds in some markets means that constant account access is of particular importance when it comes to online betting.
For UK customers, it’s easy to check to see if a bookmaker is fully licenced by the Gambling Commission. A government-approved license ensures that a company has passed a long list of checks before they can legally offer their services to the British public. The UK Gambling Commission is one of the most stringent regulatory bodies out there, so to a certain extent, any bookie licensed to operate has at least some degree of credibility.
After obtaining a licence, the bookmaker must also follow a strict code of practice and failure to fall short of this will see them hit by fines or suspensions. The Gambling Commission also ensures customers can raise disputes during instances where they have been unable to resolve issues with the bookmakers directly. In July 2019, they announced additional standards regarding alternative dispute resolutions (ADR), providing customers with an even more secure and impartial way of resolving complaints.
Paddy Power Data Breach
In 2014, some of you might remember when the well-known bookie Paddy Power revealed that hackers stole the personal information of 649,000 customers (29% of all users) four years earlier. The stolen data included names, addresses, dates of birth and details of the security questions but not any kind of personal financial details.
Some of the information was in the possession of an unnamed Canadian resident who subsequently had his IT assets seized. The Data Protection Commissioner criticised Paddy Power for taking so long to reveal the data breach, having been informed about it five months prior.
Betfair Customers Card Details Stolen
The attack on Paddy Power occurred at a similar time to an even larger one launched on Betfair – a betting site trusted by many and absolutely legit in any aspect. An internal report obtained by the Daily Telegraph revealed that cybercriminals, thought to be from Cambodia, gained access to Betfair’s internal systems in 2010. In doing so they gained access to the card details of around 2.3m customers and a further 2.9m usernames with addresses.
The company informed the UK Serious Organised Crime Agency, among others, but not the affected customers prior to floating on the stock market. As troubling as the news was, Betfair insisted that the stolen data was “unusable for fraudulent activity” and that security measures were strengthened immediately afterwards.
Betvictor In Password Blunder
In June 2018, Security researcher Chris Hogben found usernames and passwords for 22 different URLs on BetVictor’s site. He did so simply by searching ‘admin’ into BetVictor’s help section in what was the digital equivalent of leaving your front door key under the plant pot.
The fact that information about back-end systems and portals – usernames, passwords, and URLs – were just a few clicks away from the home page is a rather embarrassing gaffe, to say the least. Although Hogben didn’t try the credentials himself, what followed was a BetVictor cagy response saying that they couldn’t confirm or deny their authenticity would suggest someone had majorly messed up at their end.
William Hill Hit By DDoS Attack
In November 2016, something unthinkable happened – many William Hill customers found themselves unable to place bets following a widespread DDoS hit, which targeted some of the biggest sites on earth. The reason why it was exactly William Hill that was explicitly targeted rather than any other site remains unknown, but it may have just been sheer misfortunate.
Strategically launched around some high-profile Champions League fixtures, the worst of the attacked occurred over a 24-hour period in which several English teams were in action. Estimates indicate this could have cost William Hill up to £4m, but tireless work from their IT team ensured the damage wasn’t even greater.
Dealing With Traffic
Attempted DDoS attacks on betting companies are not uncommon, although few are as successful as the one mentioned above. Usually though, issues with site speed and access, in general, are simply caused by an increase in genuine customers usage as data shows us from the time of the 2017 Grand National.
Popular betting sites such as SkyBet, Ladbrokes, Paddy Power and Tote all fell way short of average loading times. Unable to cope with the spike in demand, some customers on these sites faced a frustrating wait before they could place their bets. The good news is however that when a problem like this occurs, bookmakers can improve their servers to ensure the risk of such problems is reduced in the future.
Website Issues Remain Unavoidable
Try as they might though, it’s simply not possible to run a service on a busy website that works perfectly every second of every hour, single every day. This is something highlighted by Downdetector, which tracks realtime issues and outages users suffer on a wide range of popular sites.
This includes several bookmakers and whether they have issues logging in, placing bets or not being able to cash out, frustrated customers report their problems to let others know they are not alone. By using the data provided on their site, we can get an accurate idea of which sites experience the most problems.
Looking at all incidents since the beginning of 2018 to date, one of the most popular sites around bet365, fared the worst, recording no fewer than 29 problems during this period.
They stood head and shoulders above, or should that be below, all of their major rivals such as William Hill (18), Ladbrokes (15), SkyBet (15) and Betfair (12). Clearly this is a major area of improvement for bet365. In fairness to them, they do have a particularly secure site featuring several firewalls and an Information Security Management System, but, so it seems right now, perhaps not an especially reliable one.
When it comes to choosing a reliable and safe place to place your bets, no website anywhere in the world is entirely immune from problems as we’ve shown above. The fact that America’s CIA had its website hacked showed that nobody can be considered 100% safe.
That said, when it comes to online betting, there has been no site in the industry that has been repeatedly hit by severe data breaches or DDoS attacks, suggesting lessons are learned quickly.
In our tests, bet365 suffered from the most performance-related issues, but on the flip side they are pretty much as safe as it gets when it comes to your personal information. There’s certainly no king when it comes to reliability in the industry, but by sticking with the more well-known outlets, licenced by the Gambling Commission, you’ll enjoy a much larger safety net should you experience any problems.