Alert !! Security Breach at Stake.com. Personal data of players got leaked.

[promise444c5]

So this means our sensitive data wasn’t really hacked? I read somewhere that for KYC now, a third-party provider is already handling it, so at first I thought this was something serious..

Name and email could be sensitive for some.. some do use their regular email account for registration and that could be used to push a lot of Notifications (not necessarily from the casino ) for a malicious purposes and the fact that they know your name as well could give them a infos about you especially if you have poor OPSEC, making it a little bit easier to get into you.
But yeah it’s not that much of a reason to panic too much .. just make sure  to be careful with the way you interact with mails received.

[Odusko]

This news makes me worried. I hope Stake can clear it and make sure that their system and all data is in secure. Members who give their documents must be calm down and not panic.

I guess this is the first strike before the next strike. It should make Stake be more careful and monitor their system. This time, Username, Email address, Date of birth, and Phone number breached but we never know what next.

I think everything is clear. Stake has stated it only non sensitive data were affected, but the sensitive data was not. Username, email, date of birth and phone numbers are not really that important. The only possible thing to use such data by selling it to the marketing platform. It's also important to note it's third party vendor that gets hacked, not stake.

The best to ignore any spam email or call that may come to use, setting two FA, and hope third party vendor will be even more competence in strengthening their security system.

As much as we appreciate this information being brought to our notice just like every other hack's that haven't taken place in the past, for us to take actions and put measures in place that can prevent easy access to our personal account on those casinos, stake acknowledge and clear statement have debuck every act of fear from the general stake community, third party service providers have little to no effect on players accounts unless on games settlement at the time of the attack.

[Xylber]

Mixpanel works on the companies that use their service, and it's not specific based in what region you are.

So why were some users informed and others not? Is it because Stake only informs those users whose data was compromised?

[Text]

So why were some users informed and others not? Is it because Stake only informs those users whose data was compromised?

from what OpenAI explained not all users were affected, the notification was sent only to accounts whose limited analytics data appeared in the dataset Mixpanel shared w/ them. Mixpanel is a 3rd party service used globally but the incident didn’t impact everyone using the platform so yes similar to Stake or other companies only users whose data may have been included were informed. Important part is no passwords, API keys, payments/chat data were exposed just limited profile/analytics info on Mixpanel’s side.

[vanesha]

Stake.com is the largest gambling site. It was hit by a data breach involving player information. Unfortunately, I did not receive any notification, and it seems I never completed KYC on Stake.com either. I pray that the leaked data is not misused. It’s best to change your password immediately as a precaution, and also be careful when sharing personal data.

[Tigerheart3026]

i've an account in stake.com casino website, i am not make gamble in regularly so that i don’t know this information, after i've seen your post, now i am checking my email box but my last mail received 7th, oct 25, i didn’t received any mail from stake.com about security breach, i didn’t complete kyc in stake.com, what's type of personal data got leaked? i just used my email to sign up stake.com, i think i am safe and i've no money in my casino wallet.

[m2017]

What data could that be? Identity information?

Yeah it is KYC related data. Like username, name, email, phone number etc.

KYC, which was supposed to "work for the benefit of the user", only creates problems for them. Perhaps we should finally acknowledge that KYC is evil, directly harming users?

The worst part is that KYC is mandatory and forced upon users. For the sake of their data leaking to an unknown destination?

BTW, it is good that Stake.com openly admits the breach and took a professional approach.

As if this makes things any easier for users whose personal data has been leaked. And in any case, whether you admit it or not, the public will still find out, and concealing or denying it will only create reputational costs.

Therefore, for the sake of a "good name", there is no choice but to admit the leak.

But according to the email, they said email and password are not breached,

Next time…

[Charles-Tim]

KYC, which was supposed to "work for the benefit of the user", only creates problems for them. Perhaps we should finally acknowledge that KYC is evil, directly harming users?

The worst part is that KYC is mandatory and forced upon users. For the sake of their data leaking to an unknown destination?

Yes, KYC is extremely dangerous. But Stake is just a gambling site for me, I am using just little amount of money on Stake to gamble. That makes the KYC not to be a problem for me.

But if truth should be told, most of us on this forum are using centralized exchanges which their P2P and withdrawal into fiat requires KYC. Is that not true?

KYC is dangerous but regulation is another thing.

[Outhue]

Mails are the last thing you should all believe, when you get a inbox and it looks like something bad happened you are to find the team and ask them first, because at times hacker find a way into the accounts of trusted entities and businesses, a mail coming from a business company doesn't mean it's legit.

Stake is nothing but a gambling platform, I don't expect their security to always be strong and this is why some people don't like passing KYC on a casino, but still I don't believe that KYC is that dangerous anymore when we have AI that's capable of mimicking the original identity of humans, how is that? By far more dangerous isn't it? Whatsoever a stolen KYC information is been used for will be instantly exposed for some reason that they are stolen identities.

[shield132]

This is why people don't really like giving their kyc info IMO. 1 misclick and some asshat can get all your person info. Good thing the person wasn't able to get into stake files and only got usernames and such. I think these days most use 2fa, but if you don't i'd take the advice of the email and add it just to be safer.

Sadly, there are no regulations that will protect customers. The government lets them to ask for KYC like a candy but they do not set a standard and guidelines for casinos to follow it and guarantee maximum data security to their customers. I also don't feel comfortable when a random casino employee can view any information about me. I think that it should be managed by the government department.

I pray that the leaked data is not misused. It’s best to change your password immediately as a precaution, and also be careful when sharing personal data.

The whole purpose of leaked data is to be misused. It is usually illegally sold on websites or someone uses that data to do some scams and there are many innocent victims of such data leaks.

KYC, which was supposed to "work for the benefit of the user", only creates problems for them. Perhaps we should finally acknowledge that KYC is evil, directly harming users?

We acknowledge it but governments don't because they don't care.