Caesars reportedly paid millions to stop hackers releasing its data | It’s the second Las Vegas casino group to be attacked this week.::Caesars Entertainment reportedly paid “tens of millions of dollars” to hackers who threatened to release company data.

  • JJROKCZ
    link
    English
    421 year ago

    I work in the casino industry, our databases are full of ssns, addresses, emails, telephone numbers, birthdates, food/liquor/tobacco/vacation/entertainment preferences, players with lines of credit through us, people cash checks or get cash advances through their credit cards through us so we have that info, through our play history data you can infer habits of where someone is or isn’t at certain times, some casino companies are now offering “cashless/chip less” play which is an app on your phone hooked up to a bank account we set up for you and tie to Experian, etc etc etc

    Casinos are essentially banks now, we have fuckloads of secure information and the casino industry hires the cheapest fucktards it can find on purpose to keep profits high. It’s no wonder we’re being targeted, we’re damn juicy targets. Even if IT tries our hardest, we’re handcuffed by cheap management and flat stupid users that fail phishing tests left and right and write down passwords on notepads or excel sheets

    • @[email protected]
      link
      fedilink
      English
      31 year ago

      So it is because you guys invaded people’s privacy by having data you don’t even need to operate?

      Sounds like a sad excuse.

      • JJROKCZ
        link
        English
        1
        edit-2
        1 year ago

        Much of that we do need to satisfy our regulatory requirements or offer products/services to players. You don’t get to be a big casino company by throwing a bunch of standalone slot machines in a building and having no reward/points program.

    • @[email protected]
      link
      fedilink
      English
      21 year ago

      Sadly this will probably not change unless attacks become so frequent that paying the ransom is more expensive than hiring competent people and teaching them proper opsec.

      It’s bound to happen at some point, but I wouldn’t hold my breath.

      • JJROKCZ
        link
        English
        11 year ago

        Sadly we’ll never be able to reach proper IPsec to all staff, Kyle in marketing is ALWAYS going to fuck it up because he thinks he’s a big shot who makes great business moves by buying cheap casserole dishes to give to players as gifts. That numbnuts is going to click the obvious scam link every time thinking he just found a new deal

    • @[email protected]
      link
      fedilink
      English
      11 year ago

      Thanks for that Insight, the last time i was in Vegas was about twenty years ago and i honestly had no Idea why a slot machine has to be online.

      • JJROKCZ
        link
        English
        21 year ago

        We can’t offer player points (that can be used on free play or free food or free hotel stays) without them being online and tracking the level of play on your card

    • @Phoenix3875
      link
      English
      01 year ago

      User being phished doesn’t leak the company’s database though.

      • @[email protected]
        link
        fedilink
        English
        31 year ago

        I think “user” in this case means “employee”. Phishing is by far the most common point of entry.

      • JJROKCZ
        link
        English
        11 year ago

        It does if that user has rights to access those databases, that would be a non-zero number of marketing analysis, p&a, data scientists, IT staff who maintain that infrastructure, etc. The most dangerous one is a compromised IT admin account and from the looks of it that happened to MGM this week