Personal data of some 3.5 million users of the Ultimate Bet poker website have been made available for download on an online forum for a short time.
The data included the users’ full names, screen names, birth dates, e-mail, mailing and IP addresses, phone numbers, UB account numbers and balances, deposit methods used, VIP, affiliate and blacklist status. It was linked in a post by an unknown forum user for just eight minutes, but it was long enough for many to download it.
“We looked up a small number of known accounts, and we were unable to find anyone with a UB account whose personal details were not leaked accurately,” Subject: Poker reports. “It is of course possible that some subset has been removed or altered.”
They also point out that some of the data contained seems impossible to identify, and that some type of data is jumbled and mixed with other types.
“It is not clear who leaked this information or why he chose to do so,” they say. “The domain name and hosting were registered privately, and the website existed for long before the data was leaked. Some of the files themselves offer clues: A few contain small subsets of the full data, suggesting that the leaker may have created samples to show others.”
The leak apparently did not contain any credit card data or Social Security numbers, and as the accounts of Ultimate Bet customers were blocked after the US Department of Justice seized the domain (along with others) this April, both the legitimate users and potential fraudsters are unable to retrieve money from the accounts.
But still, the leaked data can be used to perpetrate identity theft, hijack email accounts or for mounting social engineering attacks, so users are advised to be on the lookout for such occurrences and to consider changing their email account passwords to something more complex and harder to guess or brake.