Clop hackers stole PokerStars poker players’ data
It’s PokerStars’ turn to take responsibility for the safety of its users’ data.
Online poker site PokerStars says it was a victim of the MOVEit Transfer attacks, during which attackers gained access to confidential user data. TSG Interactive US Services Limited, which operates PokerStars in the United States, has begun notifying customers whose data may have been exposed during the attacks on the MOVEit Transfer platform by the Cl0p (Clop) group.
The MOVEit zero-day vulnerability allowed the gang to access and extract certain information from the MOVEit Transfer servers that PokerStars used to store and share data. The flaw is a SQL injection vulnerability that allows unauthenticated attackers to access the MOVEit Transfer database and execute arbitrary code on the server.
Company representatives said that they stopped using MOVEit Transfer after the incident. The company became aware of the vulnerability on June 2. An investigation assisted by external experts concluded that “some files related to PokerStars may have been copied by an unauthorized third party between May 30 and May 31.”
According to PokerStars, the hack affected 110,291 people. The accessed files contained users’ personal data: name, address and Social Security number (SSN).
Experts warn that cybercriminals can use personal information to commit fraud, ranging from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases or obtaining loans under false pretenses.
PokerStars said that so far there are no signs of malicious use of the data. However, the company has offered affected customers identity protection services free of charge for 24 months.
The PokerStars brand is controlled by the Canadian online gaming company The Stars Group, which is owned by British betting company Flutter Entertainment.
It is worth recalling that the hack of the MOVEit Transfer MFT platform happened on May 27 through the zero-day vulnerability CVE-2023-34362. As of July 19, 383 organizations and over 20 million people have been compromised, and not all of the organizations have reported the data breach publicly. According to experts, the attack on the MOVEit Transfer service was being prepared as far back as 2021, when hackers probed possible ways to attack.