Massive Data Breach at Stake Casino

[spindoctor99]

Well its been reported in the news, and via email that there has been a massive data breach.
The information that was stolen was the following:

• username
• email
• date of birth
• phone number

The information was stolen from mixpanel who are a third party provider which is used for analytics.

Stake is not accepting any responsibility for it and is just saying "not our fault its mixpanel's fault". The fact remains though that Stake provided all the users's information to mixpanel and legally is responsible.

Its really poor form that they are just fobbing everyone off. Another issue which Stake seems to ignore is that there is no tracking of failed withdrawal attempts. Generally speaking the withdrawals are instant and yet for some reason they don't log if a withdrawal fails.

Eddie and co run stake like the Wild West but because they are so big they can basically do what the fuck they want.

 

[Webzcas]

This is not the first time that Stake have been hacked. Back in September 2023 a security breach resulted in them losing around $38m -

You do not have permission to view link Log in or register now.

Information on the latest breach here:

You do not have permission to view link Log in or register now.

 

[conker]

This is going to be an absolute nightmare for those hacked customers. Many use the same email address across multiple casino accounts.

Those 4 data points mentioned above are the kind of information that will help hackers access accounts.

And Stake's response: Not our fault, not our problem

How very thoughtful of them

 

[Webzcas]

They are not having a good year, what with having to give up their UKGC licence at the beginning of 2025.

Conker raises good points above. Everyone should use unique passwords for all casino accounts. Also if you want to be even more secure, use a unique email account for every casino account you open.

 

[conker]

Don't forget being sponsors of the Bonnie Blue does Nottingham Trent Uni (on her knees). Was the straw that broke the camel's back on their UK license.

Must Read Thread 'Stake Exits UK Following Gambling Ad Investigation'

Feb 13, 2025

Everton Football Club’s front-of-shirt sponsor, Stake, is withdrawing from the British market after an investigation into an advertisement featuring adult film actress Bonnie Blue.

The ad, filmed outside Nottingham Trent University, showed Blue stating she was there to "sleep with 180 barely-legal 18-year-olds," while Stake's logo appeared on the screen. Campaigners criticised the ad, urging the culture secretary to act against the use of sexualized content to promote gambling to young people.

Following the investigation, the UK Gambling Commission announced it would warn Everton about...

• Webzcas
• licensing stake ukgc
• Replies: 21
• Forum: Casinomeister News and Info

• 

 

[conker]

Has anyone received the email from Stake confirming the hack yet?

 

[spindoctor99]

Has anyone received the email from Stake confirming the hack yet?

Yes.

We want to let you know about a recent security breach that occurred through one of our third-party providers we use for analytics, Mixpanel.

Mixpanel has no access to Stake’s infrastructure. This breach occurred in Mixpanel’s systems and impacted multiple companies that use their services.

Stake’s platform and infrastructure was not accessed. Your password and funds remain secure.

We recently learned that some Stake user information was included in the data that was accessed. We are sharing this information so you can stay vigilant.


What Happened

Mixpanel was breached through a SMS phishing (smishing) attack that resulted in unauthorized access to their systems. The incident was stopped that weekend. The ensuing investigation determined that the attacker exported files containing Stake user profile information before Mixpanel contained the incident.

Mixpanel have confirmed the following data was included as part of this incident: username, email, date of birth and phone number.

Online monitoring services are in place to look for additional information relating to this incident.

What We’ve Done

Validated that our systems have not been impacted
Confirmed that Mixpanel have fully contained the incident

Mixpanel has secured their systems and is currently working with law enforcement.

What You Can Do

We strongly recommend to avoid impersonation scams and phishing attacks, that you add passkeys to your account, or alternatively if you cannot use passkeys, enable 2-factor authentication.

We also have the following suggestions to help stay safe

Be cautious with emails or requests pretending to be from Stake
Stake will never ask for your password or 2fa code
Keep your devices and operating systems up to date

Best regards,
The Stake Team

 

[spindoctor99]

Stake are saying implying they don't your name etc but a lot of users have their name in the email address, ie [email protected]
They are definitely trying to waive responsibility so they can't be sued however the fact remains; users gave Stake the information and its their responsibility to ensure this information is secure. Users have an expectation that the information is safe. If this went to court Stake would be fucked.

 

[Webzcas]

Mixpanel was breached through a SMS phishing (smishing) attack that resulted in unauthorized access to their systems. The incident was stopped that weekend. The ensuing investigation determined that the attacker exported files containing Stake user profile information before Mixpanel contained the incident.

Another reason not to use SMS as your 2FA method.

 

[dunover]

Stake are saying implying they don't your name etc but a lot of users have their name in the email address, ie [email protected]
They are definitely trying to waive responsibility so they can't be sued however the fact remains; users gave Stake the information and its their responsibility to ensure this information is secure. Users have an expectation that the information is safe. If this went to court Stake would be fucked.

To what court could you take them though?

 

[conker]

Yeah, I think this shrugging responsibility is a smoke screen. Players didn't provide their details to Mixpanel, they provided them to Stake. The fact that Stake uses Mixpanel for analytics is completely irrelevant, as players never signed up to Mixpanel.

 

[spindoctor99]

To what court could you take them though?

We have had data breaches in Australia and there has been big class actions against those companies.
I'm sure someone could take them to court in the US... BUT its unlikely as degenerate gamblers won't want to risk losing their place to gamble.

 

[spindoctor99]

Yeah, I think this shrugging responsibility is a smoke screen. Players didn't provide their details to Mixpanel, they provided them to Stake. The fact that Stake uses Mixpanel for analytics is completely irrelevant, as players never signed up to Mixpanel.

I reckon they probably took more information than they are admitting to. What I don't understand is why the need to provide so much information to a company that handles analytics. Makes zero sense.

 

[conker]

What I don't understand is why the need to provide so much information to a company that handles analytics. Makes zero sense.

It's a very good point.