bilbobaggins
30 Sep 11 09:54
The short paragraph in the 244 page flotation prospectus looked anodyne enough.

Among 13 pages of risk factors was the generic heading: "Failure to adequately protect customer account information could have a material adverse effect on Betfair."

In one sentence the betting exchange, then shooting for a £1.39bn valuation, admitted it had "experienced a limited number of security breaches in the past [which have not had a significant effect on Betfair's reputation, operations, financial performance and prospects and in respect of which remedial action has been taken]".

No great drama there, then. Indeed, any potential investor weighing up last October's £13-a-share float was much more likely to have focused on the prominent description of Betfair's "unique" exchange technology, supporting more than 3m registered customers.

It "processed, on average, more than 5m transactions per day... more than on all European stock exchanges combined", page two of the prospectus trumpeted – a claim frequently echoed by David Yu, the man who graduated from chief technology officer to chief executive.

Nowhere did the prospectus – punted to investors by Goldman Sachs, Morgan Stanley, Barclays Capital and Numis Securities – detail what had really been going on lately with Betfair's renowned technology.

Namely, that a bunch of cyber-criminals, possibly originating in Cambodia, had breached the company's security systems on March 14, 2010. They had subsequently stolen, among other things, 2.28m "encrypted payment card account numbers and details", 3.16m "account user names with encrypted security questions" and 89,744 "account usernames with bank account details".

Indeed, a progress report marked "Betfair Critical Confidential" tells how "the attacker did indeed manage to copy the entire Sportex database" – the one that contains all cardholder details. The report is dated September 27, 2010. That's just six days after the company announced its "intention to list" – a statement containing Yu's explanation of how "Betfair's unique and highly sophisticated exchange platform technology is at the very heart of the company's success".

Such a confident statement is itself surprising. Just a month before the decision to press ahead with the float, Betfair had received a "Forensic Investigation Report" on the cyber theft from security consultancy Information Risk Management (IRM).

Its first conclusion was that: "Appropriate information security governance is not in place within Betfair and as a consequence the business has been exposed to significant risks."

Another one? That "appropriate technical controls relating to such elements as network segregation and file integrity monitoring that would provide Betfair the ability to deter, prevent and detect such an incident are not in place".

Neither did the prospectus detail the criminal and regulatory brouhaha unleashed by Betfair's belated discovery that, in the words of the "Project Brazil Progress Report", "a large volume of data" had been stolen.

The first Betfair knew of the theft was when a "production log server" crashed in its Malta data centre on May 20 – more than two months after the initial breach. That led to the discovery that "at least nine servers [had] been compromised in the UK and two in Malta".

The data was extracted, it turned out, "beyond Betfair's information systems perimeter via compromised hosts located within public internet service providers", themselves located in Belgium and Germany.

The theft was so serious that Betfair was forced to inform the UK's Serious Organised Crime Agency (SOCA), the Australian Federal Police and German law enforcement officials. It also notified the UK Gambling Commission and the Maltese Lotteries and Gaming Authority, as well as Royal Bank of Scotland, its "acquiring bank" – the lender responsible for accepting credit and debit card payments made via Betfair.

An "Incident Report to Regulators", dated July 15, 2010, explains that the thieves' haul included "approximately 850,000 unexpired credit card details" – a large number in relation to the company's current 949,000 "active users", or regular gamblers.

"We have taken the prudent view that the criminal has the expertise to decrypt the payment card details," Betfair admitted, though stressed that the "CVV2/CVC security numbers" were not stolen.

It said advice from RBS was that "this very significantly limits the ability of the cards to be used fraudulently".

On Thursday, in its first comments on the affair, Betfair insisted that the data were "unusable for fraudulent activity" and "there was no risk to customers".

Its July report to regulators states it had decided there was no reason to inform its customers, after taking advice from SOCA that "public disclosure would be detrimental to any intelligence operation or investigation".

It would have also been detrimental to its float. Betfair was, after all, listed on a racy earnings multiple thanks to some clever marketing that repositioned a business reliant on gamblers as a wizzy technology stock.

Investors have since lost 43pc of their money. They might now wish, notwithstanding Betfair's insistence that "remedial action" had been taken, that they had heard how consultants IRM pithily summed up Betfair's technology: "The IT infrastructure has not been designed, built or maintained to best practices."

THIS IS A SCANDAL THAT COULD RUN AND RUN - WITH BF PURSUED THROUGH THE COURTS FOR INVESTORS' LOSSES.
Betfair customers details stolen...
Report frog2 September 30, 2011 10:03 AM BST
WOULD YOU BE SO KIND AS TO POST THE SOURCE OF THESE VERY SERIOUS ALLEGATIONS.
Report Stevie Gerrard September 30, 2011 10:04 AM BST
I read this in the telegraph today
Report modk September 30, 2011 10:05 AM BST
...

http://www.telegraph.co.uk/finance/newsbysector/retailandconsumer/8797834/Criminals-stole-customer-card-data-from-Betfair-just-months-before-float.html
Report modk September 30, 2011 10:06 AM BST
Should have just posted the link...

I always thought companies were legally obligated under Data Protection to inform customers if they lost their data
Report frog2 September 30, 2011 10:07 AM BST
Betfair seriously need to get their PR sorted out.
Report modk September 30, 2011 10:12 AM BST
have reporters declared war on betfair
Report hazel September 30, 2011 10:17 AM BST
If this is true, it further highlights that the senior managers should not have been offered very lucrative pay and bonuses after the float, but rather that the man at the top should have resigned.   It makes shareholders look foolish.  It makes customers think there is no difference between Sony and Betfair when it comes to customer data security and customer services.
Report bilbobaggins September 30, 2011 10:20 AM BST
Telegraph - sorry.
Report the silverback September 30, 2011 10:31 AM BST
My word the knives are out.
Report modk September 30, 2011 10:32 AM BST
should not have been offered very lucrative pay and bonuses after the float


-----

Wonder what else they kept under the carpet before the float
Report frog2 September 30, 2011 10:54 AM BST
A Betfair spokesman said: "Eighteen months ago we were subject to an attempted data theft. Because of our security measures, the data was unusable for fraudulent activity and we were able to recover the data intact. At the time, we contacted all the relevant authorities and worked closely with them regarding this matter and it was established that there was no risk to customers."

The statement doesn't make sense:

1. Subject to attempted data theft. (Was data stolen in this attempt?)

2. Data was unusable for fraudulent activity. (Data must have been stolen if they say it was unusable for fraud.)

3. Data was recovered intact. (How does this work? Was data taken leaving no copy at all at Betfair so it needed to be recovered to be used again by BF? If Betfair could use the recovered data how do we know no one else could (if it was encrypted could it not be cracked?)? Maybe it was a physical theft of a server that was recovered before the thief left the building?)
Report hazel September 30, 2011 11:03 AM BST
"no risk to customers"

Usernames, security questions, addresses, bank details, card details

Absolutely no risk there then.
Report modk September 30, 2011 11:04 AM BST
I'm guessing it was data which could not be used for fraudulent activities such as a list of account numbers with the last 4 digits of card details like

23123123123 3525
21341252525 4343

which is usually the type of data which is kept on local servers. It does make for a powerful newspaper headline though "Cyber-criminals stole the payment card details of almost 2.3m Betfair customers"
Report the silverback September 30, 2011 11:09 AM BST
Is that sort of data really unusable when in the hands of professionals?
Report mrbojangles September 30, 2011 11:16 AM BST
Toyota and Sony are two prime examples of how not to do it with regards to damage limitation.

Toyota cars were allegedly responsible for hundreds of deaths due to sudden acceleration and other safety issues yet the company sat on vital data for years which could have prevented further fatalities.

Eventually they got off the fence but laid the blame on poorly fitted floor mats which led to congressional hearings and humiliation across Toyota's global operations.

Two years later their market share is still in freefall and most industry commentators believe they will never recover.

More recently Sony buried their heads in the sand following data losses and the damage this has caused is rising daily.

Swift immediate action is the answer for any company suffering potential brand damage and this should start with a no nonsense statement from the very top clearly outlining the issues, and more importantly what action they are proposing to ensure no further repeats.
Report modk September 30, 2011 11:20 AM BST
As far as I know, yes.

I believe (although I'm sure more clued up people can expand on this) that there are legal restrictions with storing financial payment details of customers which I think is why when you go to online shopping etc you only see last 4 digits of card when selecting previous payment choice as the rest of the details are stored elsewhere and are only called for the transaction.
Report frog2 September 30, 2011 11:28 AM BST
In the early years the people at the top of Betfair would regularly communicate with their users. I cannot remember ever reading a statement from the current CEO directed to customers. Mark Davies used to be the public face of Betfair. Who is it now?
Report modk September 30, 2011 11:35 AM BST
Surely every customer (of the 2.3 million) should have been sent an email informing them of the breach and then reassuring them that no customers were at risk.

The fact they shoved it under the carpet sends a disturbing message as to the changing priorities of this company.

Profit
Shareholders
Bonuses















Customers
Report Feck N. Eejit September 30, 2011 12:05 PM BST
Shocking stuff but you wonder why people feel the need to hack the site. If they want to defraud betfair customers why don't they just register and betfair will give them a helping hand to do the rest?
Report Ghetto Joe September 30, 2011 12:15 PM BST
"We have taken the prudent view that the criminal has the expertise to decrypt the payment card details," Betfair admitted, though stressed that the "CVV2/CVC security numbers" were not stolen."

As far as I was aware companies aren't meant to keep a record of those numbers anyway? Does that mean Betfair were keeping a record and it was secure or that was the one item not stolen because they didn't hold it anyway?
Report dave1357 September 30, 2011 12:31 PM BST
This is the end for me - they must think their customers are mugs, so I can't support such a company.
Report frog2 September 30, 2011 1:07 PM BST
From the Bank of America:

When is it acceptable to store CVV2 & CVC?

It is never acceptable for Acquirers, merchants, or service providers to retain CVV2 and CVC, which consists of the last three digits printed on the signature panel of all Visa and MasterCard cards, subsequent to transaction authorization. The Visa and MasterCard Operating Regulations prohibit such storage, whether encrypted or unencrypted
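The two storage rules raised in the posts above (show only the last four digits of a stored card, and never retain CVV2/CVC after authorization, encrypted or not), as an added example that is not part of the original thread. The field names and the sample record are hypothetical and constructed for illustration.

```python
import re

# Hypothetical field names under which a verification code might be persisted.
CVV_KEYS = {"cvv", "cvv2", "cvc", "cvc2", "cid", "security_code"}

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, as shown on stored-card screens."""
    return "*" * (len(digits) - 4) + digits[-4:]


def _mask_match(match: re.Match) -> str:
    digits = re.sub(r"\D", "", match.group())
    return mask_pan(digits) if luhn_ok(digits) else match.group()


def audit_record(record: dict) -> list:
    """Return findings for a record that is about to be stored post-authorization."""
    findings = []
    for key, value in record.items():
        # Any non-empty value counts: the quoted rule forbids retention
        # "whether encrypted or unencrypted".
        if key.lower() in CVV_KEYS and value not in (None, ""):
            findings.append(f"{key}: verification code retained after authorization")
        for m in PAN_RE.finditer(str(value)):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append(f"{key}: full card number stored ({mask_pan(digits)})")
    return findings


def sanitize_for_storage(record: dict) -> dict:
    """Drop verification codes and mask card numbers down to the last four digits."""
    clean = {}
    for key, value in record.items():
        if key.lower() in CVV_KEYS:
            continue
        if isinstance(value, (str, int)) and not isinstance(value, bool):
            text = str(value)
            masked = PAN_RE.sub(_mask_match, text)
            if masked != text:
                value = masked
        clean[key] = value
    return clean


# Constructed sample record (4111 1111 1111 1111 is a well-known test number).
SAMPLE = {
    "user": "punter_01",
    "card": "4111 1111 1111 1111",
    "cvv2": "ENC:6b1f",                 # encrypted, still not allowed to be kept
    "order_ref": "1234567890123456",    # 16 digits but fails Luhn: not a card
}

if __name__ == "__main__":
    for finding in audit_record(SAMPLE):
        print("FINDING", finding)
    print("STORED ", sanitize_for_storage(SAMPLE))
```
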
Report Duncan Disordorli September 30, 2011 1:12 PM BST
Surely not from the real Mark Davies...??? [:o]

markdavies
Today 11:48 AM
Recommended by
4 people
Last year betfair allegedly lost £10 million on a botched casino promotion.

betfair have welched on these payouts and in some cases have retrieved funds from peoples bank accounts

http://www.casinomeister.com/f...

then in the first set of results after this fiasco, betfair have incurred an extra £10 million spend on IT which is declared as "assets"

The Telegraph is only scratching the surface at the moment, but the house of cards that is betfair will come crashing down.
Report Feck N. Eejit September 30, 2011 2:13 PM BST
Years ago on the UltimatToryBoy forum one of the forumites was going on about some casino promotion which mistakenly meant the punter couldn't lose. Betfair ended up taking a large sum off him as a result of him having taken advantage of this offer. How unlike the way they handled the clock beating affair. It seems there's one law for them and another for their customers. Betfair seem to view their customers with the same disgust I would imagine prostitutes must view theirs.
Report pittsburgh phil September 30, 2011 2:24 PM BST
I don't know which is the most shocking: the fact that this happened, and customers were not informed for a year and a half, or the fact that few have bothered to read and understand this thread.

This is a serious issue and there can be no excuse for not informing customers at an earlier date. In 18 months accounts could have been emptied, bank accounts emptied, other sites such as paypal accounts emptied.

Why?

Because the vast majority of people use the same account details on different sites. If you use the same username and password on Betfair as you do with any of the other bookies, or facebook, or paypal then the cybercriminals could have logged into those sites and stolen money.

This is why data breaches like this must be reported to customers immediately. Any delay can cause significant loss and I can see a whole load of **** going Betfair's way because of this.

Rest assured the ICO will bark, wag finger, but take absolutely no action against Betfair because of this. And the fact that there is no equivalent of US Class Action in this country means that potential damage from compensation is limited. But make no mistake. Betfair are now tainted: trust has gone, and that can never be regained.
Report howard September 30, 2011 2:34 PM BST
Phil they didn't get passwords did they, just usernames?
Report racingguru September 30, 2011 2:46 PM BST
I think the problem is that BF didn't come clean with what was stolen, how it compromises customer security at the time and leave the customer the option of making necessary changes like informing bank, changing card, closing account etc.

Now in recent times a high st electronics chain here in Canada informed me that their membership database had been hacked, so my address, phone number etc had been compromised but at least I heard it from them and not a newspaper. BF should have been upfront with this - it just looks too shifty and whatever they say now will be treated with utmost suspicion.
Report modk September 30, 2011 3:10 PM BST
The delay is what concerns me most, I can accept they have been victim of a hack but not informing customers at all (we would still not know if telegraph did not get sight of report) is worrying.

But having said that, apparently SOCA advised Betfair not to inform customers after it was determined that no customers were put at risk.

So for me, question is what should betfair have replied to SOCA

Sorry, we are going to inform our customers. This is a serious breach we want to make our customers aware of the theft, reassure them that the data stolen could not have been used for fraudulent activity

Or

OK, we won't inform our customers as this could damage your investigation, besides we're announcing to float on the stock exchange next week

I actually think they are hiding behind that SOCA advice. Like racingguru, I've received several emails down the years from companies informing me that they have been subject of a hack, full details such as exact time it happened and what actions have been taken and what was stolen etc

Nothing worse than reading about it in the paper EIGHTEEN months later.
Report modk September 30, 2011 3:18 PM BST
Nine servers in total were downloaded. So let's just get this straight;

Hackers accessed these servers through a back door, 1 by 1 downloaded the entire server. Not 1 alarm went off, no firewall detected it or logged all the data leaving, no light flashed up and the only way they found out was 2 months later when one of the servers fell over and they realised all the data had been siphoned off!

What is the IT manager doing there, he must be like Homer Simpson at the power plant
Report frog2 September 30, 2011 3:18 PM BST
The article on information-age.com...

The Telegraph claims that Betfair had not informed customers of the breach on the advice of SOCA, which it quotes as saying that "public disclosure would be detrimental to any intelligence operation or investigation".

However, a spokesperson for SOCA told Information Age that this is an overstatement by the Telegraph for a number of reasons, including the fact that it is not always SOCA's policy to make such a recommendation. The spokesperson added that informing SOCA of a data breach is not the same as initiating a criminal investigation.

Betfair would not comment on this part of the story.
Report modk September 30, 2011 3:19 PM BST
Yeah i thought so. Hiding behind that!
Report Total Bosman September 30, 2011 3:31 PM BST
Quite aside from the actual substance of the report, the whole thing really highlights what a mess Betfair has become in terms of reputation.

The leak comes from a confidential report, presumably from an unhappy employee.
The report is being eagerly reported by the media, presumably unhappy at being banned from the AGM.
The report will further worry customers already unhappy at rising charges, reliability failures and other negative PR Betfair is generating.
The report will further aggrieve shareholders already unhappy at huge drop in value, this important information having been kept from them at the time of their investment.

So, apart from Messrs Yu and Morana with their fat bonuses, not a lot of happiness around.  Looks like Betfair are starting to reap what they've so arrogantly sown.
Report brendanuk1 September 30, 2011 3:34 PM BST
The company admitted the theft, but said the data leak wasn't a threat to its customers because the stolen data was recovered.

“Because of our security measures the data was unusable for fraudulent activity and we were able to recover the data intact,"


Anyone like to guess what this means? Seems like gibberish to me, stealing data is not like stealing a car Confused
Report modk September 30, 2011 3:37 PM BST
They need to get an email out to customers or something on the forum/website as this is rumbling throughout the media now and people are going to interpret this differently

They need to state exactly when it happened what they did what was stolen why they never informed customers (can't use SOCA anymore, sorry).
Report Feck N. Eejit September 30, 2011 3:41 PM BST
Betfair "transparency". Cry
Report brendanuk1 September 30, 2011 3:43 PM BST
Wonder if the crash was a running out of disk space, at that point they looked and saw some file growing large.

SOCA might have been hoping that the theft was still ongoing? If they know they are from Cambodia they must have seen them coming into and on the network. Would have to be very sure indeed to say that the crims didn't download it Confused
Report brendanuk1 September 30, 2011 3:44 PM BST
they will hide behind the justifiable we don't talk about our security measures publicly
Report Feck N. Eejit September 30, 2011 3:56 PM BST
Someone is saying Pittsburgh Phil has tweeted that Betfair have deleted his account for commenting on this thread. If that's true betfair's getting more like the Borgias by the day.
Report Stevie Gerrard September 30, 2011 4:05 PM BST
yes I have seen that tweet, also clicked on phil and his profile has disappeared
Report brendanuk1 September 30, 2011 4:15 PM BST
poor show that
Report screaming from beneaththewaves September 30, 2011 5:10 PM BST
"public disclosure would be detrimental to any intelligence operation or investigation".

Isn't this the same line Betfair peddled to explain why they allowed known, subsequently banned insiders to continue to lay non-triers on here for months on end?
Report jimmy69 September 30, 2011 6:09 PM BST
This is shocking PR but no one here has vented their anger at the Cambodians...surely they are the real criminals here?
Report jimmy69 September 30, 2011 6:13 PM BST
...and has anybody had their details compromised? I haven't heard of anyone complaining.
Report Feck N. Eejit September 30, 2011 6:25 PM BST
I got a threatening email from some guy called Khmer Rouge Cry
Report Feck N. Eejit September 30, 2011 6:26 PM BST
An American senator once described Cambodia as Vietnam's Vietnam Laugh
Report Garzooka September 30, 2011 6:52 PM BST
They would only do that for a reason
Report Just Checking September 30, 2011 7:28 PM BST
I once had a holiday in Cambodia. The people dressed in black.
Report SHAPESHIFTER September 30, 2011 8:54 PM BST
http://www.youtube.com/watch?v=R11x32WoxrM
Report Just Checking September 30, 2011 9:09 PM BST
Devil
Report the big bossman September 30, 2011 9:22 PM BST
bf_fananatic    what you got to say
Report Homer Jay Simspon September 30, 2011 9:32 PM BST
Meanwhile, I hear Betfair customers are being surveyed today on what they would feel about bingo being introduced to the site. That isn't a joke.

Good to see the priorities are right.
Report the big bossman September 30, 2011 9:52 PM BST
Betfair, the betting exchange that had payment card details of 2.3m punters stolen by cyber-criminals, has lost its computer security chief in the latest high-profile executive departure.

Sean Catlett, the director of group security, is expected to leave the company at the end of this month. His exit is known to have been in train for some time, with sources saying it was not related to the theft.

The Telegraph revealed on Friday that Betfair lost virtually its entire customer database 18 months ago in the run-up to last October's £1.39bn float.

It did not tell its customers about the theft and neither did it provide any details in its flotation prospectus, where it drew attention to the company's "unique" technology and referred only to "a limited number of security breaches in the past".

A Betfair spokesman said: "Sean Catlett is taking on a great opportunity at a security start-up and we will be announcing his replacement in due course."

Mr Catlett is thought to have been in charge of the security team since just before the breach on March 14, 2010, since when there has been considerable upheaval within the department, with the departure of more than 20 security personnel.

They have included Marcus Pinto, head of application security, Stephen Kapp, an application security specialist, and Fiona Fryer, data protection manager.

The spokesman said that during Mr Catlett's "time with us he has been upgrading the team significantly and bringing in new, highly experienced people, hence the departures".

One Betfair insider said that the departures meant that "almost all the senior security specialists who knew the systems best have now left". Betfair's revolving door across much of its business has unnerved investors, who have seen the shares dive from their £13 float price to 741½p on Friday night, up 2½ on the day.

The holders of the two top jobs are both leaving. Chief executive David Yu, Betfair's former chief technology officer, announced in June that he would go once a successor was found. Last month, chairman Edward Wray told the annual meeting that he would also be stepping down.

Other recent departures include Matt Carter, the director of architecture, research and prototyping, and Mathias Entenmann, chief product and services officer.

Charlie Palmer, head of mobile and Robin Osmond, chief executive of financial betting exchange LMAX, have also quit.

The theft, thought to have originated in Cambodia, triggered a criminal investigation with Betfair forced to notify the UK Serious Organised Crime Agency, as well as Australian and German police.

Report stewarty b September 30, 2011 11:19 PM BST
ttt, till I resad all.
Report stewarty b September 30, 2011 11:20 PM BST
*read
Report Aussie Punter October 1, 2011 2:56 AM BST
More concerning is Pittsburg being rubbed out ?
Report Lori October 1, 2011 9:19 AM BST
Wonder what else they kept under the carpet before the float

More like what else they kept under the carpet before alienating all the media
Report jackhulk October 1, 2011 9:30 AM BST
What does this mean for the end user. Should we inform our bank/cancel card etc? Most likely if the data was usable it would have been used by now, however they could still be sitting on it.
Report Feck N. Eejit October 1, 2011 9:34 AM BST
If any of the media choose to show what actually happens with ir betting and the money that people are winning betfair will be in serious trouble. Betfair's rotating bow ties seem hell bent on destroying exchange betting.
Report Aviboyd October 1, 2011 10:41 AM BST
I have an unusual name that used to be the only one on Facebook.  Now there are two Cambodians on there with my name! Cry
Report the bank man October 1, 2011 11:18 AM BST
always amazes me betfair still allow all these posts on their own forum. to me, the clock beating scandal is still the worst case of "sweeping under the carpet" that i've experienced on here though. i know a guy that made 100k off it in the few months it was available, and there was also the scouse guy that allegedly had a nice touch with it as well. i'm not jealous. Cry
Report saint-pilgrim October 1, 2011 11:42 AM BST
Now ... now I understand PC2 and PC3. Bf needs to raise money to pay the Cambodians. Bf_fanantisct, could you please make an official statement?

P.D.
I once, inadvertently, managed to beat the clock: I was about to click on "place bet" and suddenly the radio speaker loudly said: "goooooooooaaaaaal". The sudden surprise made me click, more an instinctive reaction than a voluntary one, and although it took 8 seconds for the bet to be matched ... it was matched (quite possibly the last one in the queue) Unluckily it only paid for a beer.
Report jackhulk October 1, 2011 12:54 PM BST
Missed the 'clock beating scandal', is there somewhere I can read about this please?
Report the bank man October 1, 2011 1:07 PM BST
jack,

there were some long running threads on general betting about it a few years ago. it was around 2003. basically what happened was you would place a bet above/below the market in a long term market so that there was no chance of it getting matched. the purpose being to tie up all the funds in your account. you would then bet in running at a crucial point in a market with a 3 or 5 second countdown. as a crucial putt was on its way or a bowler was running toward the wicket you would place your bet. if the putt went in or the wicket fell you would cancel your long term bet thus freeing up the funds in your account and allowing the bet to be placed. if it didn't go in you did nothing and the bet was returned as unplaced due to no funds available in your account.
Report jackhulk October 1, 2011 2:15 PM BST
Haha! Oh dear, thanks Bank. So how long did this little episode go on for and how did Betfair finally find out? No doubt due to someone boasting about it on the forum?
Report the bank man October 1, 2011 6:00 PM BST
No one really knows for sure how long it went on, from memory the guy I know got approx 6 months out of it. Betfair did an upgrade at some point and the glitch was ironed out. No one had ever spoken on the forum about it but a few months after the loophole was closed it came out on the forum. The guy I know called me the day it was closed off and told me about it, I can honestly say I never heard anyone so gutted in my life, and no wonder.
Report The Magician (100) October 1, 2011 6:19 PM BST
The bank man

did the guy that made the 60-100K beating the clock - continue to bet in large sums, or did he just take the money and run....
Report the bank man October 1, 2011 7:04 PM BST
he carried on magician, did and continues to do very well for himself.
Report frog2 October 1, 2011 9:47 PM BST
The clock beating incident was bad but I don't think we can blame the current management team for it. Has the current CEO issued a statement to Betfair members about the security breach yet? Should I be cancelling my card? That's what is important now. We need reassurance about the current situation. What happened in 2003 is not important. Betfair need to put the details of this security breach into the public domain ASAP.
Report vila October 1, 2011 10:24 PM BST
I wonder if canceling your card will make betfair remove the details. Would be good to get a statement on that. I see no point in keeping my card registered as I can not withdraw to it anyway.
Report jimmy69 October 1, 2011 11:05 PM BST
This happened ages ago. Has anyone had their cards compromised in the meantime...I haven't heard of any...so please stop worrying.
Report Feck N. Eejit October 2, 2011 12:55 PM BST
What happened in 2003 is not important.

It was important to those who subsequently discovered they were fleeced. None were compensated. How many of those customers were lost to us as well as betfair? It was also an early warning sign as to what type of outfit betfair were/are.
Report hazel October 2, 2011 3:05 PM BST
Sunday Times were not too complimentary in today's article in business section. "Foul Times for Betfair", "It's one gaffe after another"......  They say they have been told, "PR chief hired for float is taking a back seat to spend more time with her family."  Also they say Head of Security is leaving for unconnected reason, that on top of other management departees.
Report viva el presidente! October 2, 2011 3:13 PM BST
and yet here you still are, feck.
Report nbdbscms October 2, 2011 3:39 PM BST
Now this has been widely covered in the press, you would expect betfair to at least have explained to customers what happened rather than let us have to discuss it on here from press reports. They really do totally ignore its customers and the PR department appears to be nonexistent.
Report anfeild October 2, 2011 4:37 PM BST
Not letting customers know in the first place was an utter disgrace.
Report Feck N. Eejit October 3, 2011 11:02 AM BST
What's your point vive?
Report hazel October 3, 2011 1:39 PM BST
http://www.bobsguide.com/guide/news/2011/Oct/3/lieberman-software-says-betfair-data-breach-sends-all-the-wrong-messages.html

Lieberman Software

".....The Lieberman Software president went on to say that, while it remains to be seen whether this payment card data was encrypted, the firm is still in clear breach of the PCI DSS rules and may well have been in breach of the Data Protection Act as some customer data was allegedly stolen by cybercriminals in Cambodia.
.....it is amazing that the betting exchange did not notify its customers of the data breach, he noted.
.....This all smacks of only doing the bare minimum – as required under law – to deal with a data breach, and not considering the best interests of Betfair's customers. One is forced to conclude that the proximity of the betting exchange's flotation had a lot to do with this, he explained.
.....Most corporate governance and IT security professionals will be amazed at what has transpired and, as the facts emerge, you can bet your bottom dollar – as many Betfair punters do – that the management of a large number of organisations will conclude that they too can afford to take risks with their data security, and get away with it. That is bad news for the IT security profession and business generally, in my humble opinion," he added."
Report viva el presidente! October 3, 2011 10:12 PM BST
fairly obvious, I'd have thought.
Report Feck N. Eejit October 4, 2011 11:47 AM BST
Not to me it's not. Where in my post did I say anything that suggested there was reason for me to leave? I wasn't defrauded by the clock beaters / betfair.
Report viva el presidente! October 4, 2011 5:56 PM BST
well, then it'll be something for you to ponder on in rare moments between a) calling betfair every name under the sun and b) using betfair.
Report Feck N. Eejit October 4, 2011 6:05 PM BST
You're turning into a right old sweetie wife viv. In fact you'll be getting an invite to the Christmas coffee morning for Feck's b1tches.
Report Mr.Anderson October 5, 2011 8:36 AM BST
So still no comment from BF about this? It does raise some questions...

Was it "just" the secret questions, or also the correct answers to those questions?

What kind of encryption was used, and exactly how uncrackable is it? How can you rule out that the data was copied and that the crooks will be able to break the encryption in the future.

What's included in bank details? Just account numbers, or also names, towns etc?

When will the trial of the Cambodians be held, and where, or has it already been held?
Report frog2 October 5, 2011 9:46 AM BST
Betfair's current PR policy seems to be:

1. Not release information to customers.

2. When they are caught out release bits and pieces to the press via an unnamed 'spokesperson' with no comebacks (in this case did SOCA really stop them telling their customers, why were 3 digit security numbers mentioned when they cannot hold them anyway, what has been done to protect systems going forward).

3. Repeat step one and wait for press/forum attention to die down.

4. Continue with business as usual.
Report bf_fananatic October 5, 2011 11:31 AM BST
Cushtey ;)
Report Just Checking October 5, 2011 1:39 PM BST
Mr.Anderson, I've been wondering that myself. As we sit here, is some pile of encrypted data on us sitting with someone trying to crack it? 2 or 10 years from now, will they manage?
Report bf_fananatic October 5, 2011 4:11 PM BST
Considering the data went to the Congo, one would assume there's more chance of Dr Livingstone turning up there and getting the new big job at BF, than them cracking the codes ;)
Report mrbojangles October 5, 2011 6:43 PM BST
Most cards have already expired by now so really not a lot to worry about imo.
Report Mr Magoo October 6, 2011 10:07 AM BST
Has anyone had any luck getting information from Betfair about this hack?

I've been struggling to get answers to any question about it from Betfair contacts. The lack of any public statement or information from the company is disgraceful.