SBTech sportsbook clients offline after apparent hack

sbtech-sports-betting-clients-offline-hack

sbtech-sports-betting-clients-offline-hackSports betting technology provider SBTech has reportedly been targeted by hackers, leading to the forced outages of the company’s sports betting clients.

This weekend, online sports bettors took to the forums to speculate on what was going on at a number of sportsbooks – including 10bet, Bet.pt, Bethard, ComeOn, NetBet, Churchill Downs Inc’s BetAmerica brand, Mansion and the Oregon Lottery’s Scoreboard wagering product – all of which are currently displaying some variation of ‘under maintenance’ on their homepages.

Early speculation suggested that SBTech had fallen victim to the same type of data hacking that recently befell Curacao-licensed online sportsbook BetUS, although that site remains operational (even if most of its customers remain as unaware of any digital shenanigans as customers of SBTech clients).

Suspicion also centered on a possible distributed denial of service (DDoS) attack, which are traditionally deployed against sportsbooks during or immediately prior to the launch of a major sports event. However, the COVID-19 pandemic means there’s virtually no sports events left on the calendar, so the ‘ticking clock’ aspect of a DDoS attack was well and truly absent.

Later reports indicated that SBTech had shut down its servers due to an unspecified cyberattack that may have been intended to steal company data and then ransom the purloined info back to the company, similar to the BetUS situation. However, SBTech has reportedly claimed that its data was properly encrypted and thus its chief concern is restoring its systems so that SBTech customers can get back to business.

Willamette Week quoted an Oregon Lottery email to customers saying SBTech “brought its systems offline as a precautionary measure in response to a cyberattack—suspending play on Scoreboard and other online sportsbooks using the platform.” The email added that the Lottery “have no reports of unauthorized disclosure or extraction of player data or account balances.”

SBTech is in the process of being acquired by DraftKings, which aims to bring its sports betting technology in-house. DraftKings is currently preparing for an initial public offering despite the ongoing public market uncertainty caused by the COVID-19 pandemic, and thus any prolonged outage by its new betting technology won’t exactly inspire investor confidence.

The Maze group that took credit for the BetUS hack operates a website from which the group occasionally issues messages detailing its latest exploits and the alleged justifications behind its activities. Maze likes to claim that its actions are quasi-altruistic, in that it’s simply exposing the shoddy security of most online portals and casting aspersions on the companies that charge big bucks for erecting such porous digital defenses.

Regardless of the legitimacy of that claim, all operators would do well to take a hard look at their own digital defenses, because the next time this bell tolls, it could toll for thee.