Shuffle suffers data breach. Do not panic but read what I posted.

[Russlenat]

I believe affected casino can support a change email feature so that user can abandon exposed email.

Good suggestion, but honestly, I haven’t really come across any casino that has this kind of feature yet.
Your email is usually tied to your personal KYC account, and sometimes they even ask for your phone number too, so it’s not that simple.

And if your email does get exposed, I don’t think it’s a huge deal as long as you’re being careful.. like checking if the email really came from a legit source and staying aware of phishing attempts. If you’re cautious enough, you’re not likely to fall victim to it even if your email gets leaked.

[_act_]

I received the warning from Roobet too because they are also using the fast track service but they clearly mentioned casino funds or operations will not be affected by this because the data break is about the KYC information or something similar so they warn us to keep the email, KYC details could be abused.

I do not know if it has to do with KYC, but according to what Shuffle CEO posted on X, just their user's emails that were leaked and nothing more than that. I do not think they should be carelessly handling their customers KYC information. If they were leaked, the CEO would have also included it in his post on X.

[STT]

The 3rd party is liable, I hope their insurance is good for covering the mistake.   At this point we have recognize email is not a secure channel and engage with disposable email addresses on a regular basis ideally.
  Human nature is for something as convenient as possible which is probably also how the CRM got compromised.

[AmoreJaz]

The 3rd party is liable, I hope their insurance is good for covering the mistake.   At this point we have recognize email is not a secure channel and engage with disposable email addresses on a regular basis ideally.
  Human nature is for something as convenient as possible which is probably also how the CRM got compromised.

That's the importance of having insurance. Because these days, there are so many sophisticated softwares that any site can be vulnerable to hacking and other forms of online attacks. These hackers are actually always finding a way how to find the vulnerability of their target site. So they can penetrate the site and exhaust any monetary gain that they can get. Of course, if they are allocating their time to hit a site, definitely, they would want financial gain from what they are doing. They are not doing this just for fun, because most attacks are rooted because of the need of money. Other reasons are just secondary.

[Wind_FURY]

Well, these are sad things that happen. Unfortunately, I read this news on Cointelegraph:

https://cointelegraph.com/news/major-crypto-betting-platform-shuffle-com-announces-user-data-breach

According to the news, it was the outsourced customer service provider that was targeted by the hacker, not the casino itself. Since casinos never ask for passwords when the support agent is dealing with customers, everything is fine. Now, the problem is that in the emails people send to support when they have a problem, they mention their usernames and the amount they won. If these hackers read this and see that someone won a lot of money, they can focus on pursuing that person by various means they can. Like sending them constant emails to get them to click on a link and then gain access to their account.

A smart user with good OPSEC would never, or would be less likely, become a victim of Phishing Attacks. If you HODL large amounts money stored in Bitcoin or in crypto, then you should have different emails for personal use, professional use, Bitcoin/crypto-related use, and other sorts of uses.

Emails that you open for Bitcoin/crypto-related use cases should be opened in a virtualized operating system so that even if you clicked the email and "infected" the virtualized system, it would not infect the host operating system.

[Lida93]

...

And if your email does get exposed, I don’t think it’s a huge deal as long as you’re being careful.. like checking if the email really came from a legit source and staying aware of phishing attempts. If you’re cautious enough, you’re not likely to fall victim to it even if your email gets leaked.

Providing a change of email feature to tackle any related incident that might  expose a customer in the future should be considered, if possible. You can't constantly be that  too careful tho.

Sometimes a breach of this nature that have given hackers access to customer email may not be used in targeting the customer to scam them immediately because at this time the hackers are aware that the users are at alert about the underlying situation. So they might want to operate on the emails when the case might have die down and many minds have being occupied with other things.

[Lanatsa]

...

And if your email does get exposed, I don’t think it’s a huge deal as long as you’re being careful.. like checking if the email really came from a legit source and staying aware of phishing attempts. If you’re cautious enough, you’re not likely to fall victim to it even if your email gets leaked.

Providing a change of email feature to tackle any related incident that might  expose a customer in the future should be considered, if possible. You can't constantly be that  too careful tho.

Sometimes a breach of this nature that have given hackers access to customer email may not be used in targeting the customer to scam them immediately because at this time the hackers are aware that the users are at alert about the underlying situation. So they might want to operate on the emails when the case might have die down and many minds have being occupied with other things.

When an email gets exposed it might not seem serious at first but it can still lead to problems later on hackers don’t always act right away after a breach they know people will be alert during that time watching for fake emails or links so they wait until things calm down when everyone starts to feel safe again that’s when they use those leaked emails to send convincing phishing messages or scams this delayed move makes it easier for them to catch people off guard.

Having an option to change the email linked to an account would be a smart way to reduce this risk it gives users control to move away from a compromised address quickly if needed even if hackers still have the old email it becomes useless once the account switches to a new one especially when extra protection like 2FA or verification is connected to the updated email this kind of feature can really help limit future threats. Relying only on personal caution is never enough no matter how careful someone is there’s always a chance of slipping up because scams are getting more advanced some of them look almost identical to real messages from trusted platforms that’s why the focus shouldn’t just be on users being careful but also on companies building stronger systems to protect them things like alerting users about login attempts or offering quick email change options add layers of safety that help prevent bigger problems.

[salad daging]

Kudos to the management of Shuffle for opening up that they are facing this security breach. Some platforms might keep it secret because they are scared of losing customers. Clients need to know to helped them sensitive and conscious of any information that comes in.   

Shuffle is not the only casino which you should be praising; the majority of the affected casinos have already made an open announcement regarding this either on their social media page or through email and other means necessary. Any platform which is keeping quiet and doesn't disclose this type of issue to their customers is causing those customers more danger than good.

Not only Shuffle announced this, but Roobet also announced this issue on their social media on X. https://x.com/Roobet/status/1976740830410093018

So they (the casino) announced this issue not only on X but also sent emails to inform their customers about this issue so that all customers would know not to mistakenly click on links sent by scammers.

But fortunately, this issue was not a big one, and most customers were already aware of it.

[Orpichukwu]

Shuffle is not the only casino which you should be praising; the majority of the affected casinos have already made an open announcement regarding this either on their social media page or through email and other means necessary. Any platform which is keeping quiet and doesn't disclose this type of issue to their customers is causing those customers more danger than good.

Not only Shuffle announced this, but Roobet also announced this issue on their social media on X. https://x.com/Roobet/status/1976740830410093018

So they (the casino) announced this issue not only on X but also sent emails to inform their customers about this issue so that all customers would know not to mistakenly click on links sent by scammers.

But fortunately, this issue was not a big one, and most customers were already aware of it.

Most of the customers get aware of this through other social media posts regarding the Fast Track breach but might never be aware that the casino they make use of is also using the Fast Track service, which makes them affected until they get mail or a notification which will confirm the whole incident, which is when they will directly be sure, just like myself. If I had not gone ahead to check on my mail, I could not have noticed that a few casinos I make use of are affected too.

[Odohu]

What is the implication of this data breach because there was no mention of anyone losing money as a result of the incidence? I know it is good to bring the post here to clear the air and to avoid misinformation but adding the implication of such attack will enable the affected members be at rest knowing the consequence of what has happened. Exposing the email address of users is a big challenge but is that the only problem?

[Lida93]

Snip

When an email gets exposed it might not seem serious at first but it can still lead to problems later on hackers don’t always act right away after a breach they know people will be alert during that time watching for fake emails or links so they wait until things calm down when everyone starts to feel safe again that’s when they use those leaked emails to send convincing phishing messages or scams this delayed move makes it easier for them to catch people off guard.

...

I do hope that all the casinos affected by this breach through their connection with Fast Track would adopt this suggestion for the very best. And just incase other measures are taken by the casino which doesn't follow with change of email addresses then I advise that customers be extremely careful to always access the platforms through their URL to inquire about any messages they might receive hencefor in their email. Treating all messages as threat until proven not to be.

[Alpha Marine]

Shuffle will not ask you for your login details and it will not ask you to click on malicious link.

Every reputable Bank, exchange,  Casino site and every other service I can think of always say this, yet users still for it? Why? It's almost like people don't read these things. There is no service I know where the customer service will require you to give them your login details or other private information for them to help you fix an issue. This is not something that happens only with gambling casinos; it happens almost everywhere. Sometimes people get calls, texts or emails from scammers posing as the authentic service telling you about a problem you have and how you need to give them your login details for them to solve the issue. That's a big red flag. Anything a company can't fix for you without your login details can be fixed by you. No reputable company will ever ask you for your login details to anything. Please stay vigilant.