Paysafe Acknowledges Historical NETeller, MoneyBookers Data Breaches

Paysafe Group Plc, the company formerly known as Optimal Payments and the parent of such popular online-payment services as NETeller and Skrill, has confirmed in a London Stock Exchange announcement that consumer data for both NETeller and Skrill (earlier known as Moneybookers) was compromised during a pair of major hacking events that occurred in 2009 and 2010.

paysafe-logoPaysafe had previously acknowledged that the hacking had occurred, but only recently released details of the twin attacks.  In all, roughly 7.8 million current and former NETeller and Moneybookers/Skrill customers had at least some of their personal information stolen.  Paysafe’s own NETeller brand included 3.6 million accounts affected by the breach, while the Skrill data theft (for another 4.2 million accounts) occurred before Paysafe acquired that brand earlier this year.

The London Stock Exchange announcement, issued on Monday as required by law, included the following information:

LONDON and MONTREAL (30 November 2015) – Further to the announcement on 29 October 2015 relating to historic personal data breaches, Paysafe Group Plc (LSE AIM: PAYS “Paysafe”, the “Group” or the “Company”), can update on the findings of its investigation, which are as follows:

• The illegally-obtained data in the hands of third parties relates to limited account details from 3.6m NETELLER accounts and basic personal details relating to 4.2m Skrill accounts. Less than 2% of those NETELLER and Skrill accounts were active in the six months to 1 November 2015. Such data does not include passwords, card data or bank account information. Paysafe engaged a major accounting firm as part of its investigation, which has verified these findings.

• The Company believes that this data emanated from the cyber-attacks in 2009 and 2010 and is not aware of any similar breaches since that time.

• The Company is confident that this data will not in itself allow any existing NETELLER or Skrill customer accounts to be accessed.

As previously announced on 29 October 2015, in 2010 the Company’s subsidiary NETELLER was the target of a cyber-attack, which resulted in certain customer information being stolen. NETELLER reported this to the appropriate authorities at the time, and a third-party, independent forensic report was undertaken by a major accounting firm. The recommendations of the report were then followed and security was significantly strengthened with the aim of taking NETELLER beyond the industry standard.

The Company became aware that around 1,500 customers subsequently had their accounts compromised following the 2010 cyber-attack. The Company immediately took action to restore these accounts and all customers were reimbursed. The Company is not aware of any other reimbursal requests related to this incident since 2011.

In 2015, the Company bought Skrill Group. Skrill (then operating as Moneybookers) had experienced a cyber-attack in 2009, which resulted in customer information being stolen. As with NETELLER, Skrill reported the hack to appropriate authorities at the time. A third-party, independent forensic report was undertaken by a major accounting firm. The recommendations of this report were then followed and security was also significantly strengthened.

The Group’s executive management team, IT leadership and security protocols and standards have changed considerably since the breaches more than five years ago. The significant investment made to cybersecurity in recent years will continue into the future as Paysafe works to ensure it has the appropriate systems in place to defend against cybersecurity threats.

neteller-logoNo declaration was made by the company regarding the total amount of reimbursements made to the 1,500 customers it acknowledges had their accounts fully compromised.  Neither did the company declare that it had, in fact, conducted any sort of examination of all active NETeller accounts at the time of the 2010 attack to determine if the 1,500 customer-reported accounts — from which one can infer that balances were drained — were in fact all of the affected accounts.  Since it appears that the 1,500 acknowledged accounts were all self-reported by consumers, it remains possible that other thefts went unrecognized and, thus, unreimbursed.  It’s a lesson that all online consumers must remain vigilant, no matter the size or reputation of the firms involved.

It appears that some outdated, historic data involving former US customers of NETeller was included in the hacked data.  For about two years in the middle of the last decade, NETeller was the preeminent online wallet serving US customers of various offshore gambling sites.  However, that channel was closed abruptly when the US moved against NETeller and its Canadian founders, also seizing at least $55 million in in-transit funds between NETeller’s online bank accounts and those of its hundreds of thousands of US customers.

That set up protracted negotiations that weren’t resolved until 2008, when NETeller and its founders reached a settlement with US authorities; the settlement also included the release of funds held by NETeller that had been frozen in US customers’ accounts.

Even though those US players accounts were not used after 2008, they were still part of the data stolen in the 2010 hacking attack against the company.  Various news reports on Paysafe’s latest filing note that Australian data-security expert Troy Hunt has uploaded certain portions of the stolen data (which subsequently was sold and resold in the darker corners of the Internet) to his Have I Been Pwned website, which tracks at least 66 major corporate hacking breaches that have occurred in recent years.

This writer checked on her e-mail address that would have been on file with NETeller back in the 2005-08 timeframe and found that it was indeed included among the 3.6 million records at least partially stolen in the 2010 NETeller breach.  A check of the e-mail address used brought this response via Hunt’s site:

ScreenHunter_52 Dec. 02 10.42

Sadly, the hacking-related breach appears to include a complete listing of the information NETeller would have had on file, including (as can be seen at the bottom of the above image) “Account balances, Dates of birth, Email addresses, Genders, Home addresses, IP addresses, Names, Phone numbers, Security questions and answers, Website activity.”  To me, that sounds like everything, including additional info generated as customers logged into NETeller’s own corporate site.

Empirically, this writer’s experience suggests that most or all former US customers of NETeller have long since had their account details stolen and passed on through the online world’s seedier channels, perhaps making this only recently acknowledged theft one of the major sources for the streams of spam — often gambling-related — that many of these older e-mail addresses have received throughout the years.

COMMENTS

Leave a Comment

*

LATEST NEWS

filter by

Dan Katz

23rd June 2019 // Gossip, Misc, News, Poker Tournaments

Jeopardy! Destroyer James Holzhauer to Play in WSOP

The other poker players at the 2019 World Series of Poker had better hope that James Holzhauer has some catching up to...

Haley Hintze

22nd June 2019 // Industry, Legal News, Misc, News, Op-ed

Hand Histories and the Data Portability Issue

With hand histories and HUDs (heads-up displays) being a hot news topic in recent weeks, it’s time to revisit the...

Haley Hintze

22nd June 2019 // Industry, Legal News, Misc, News

California Tribes Lose in House-Banked Card Games Legal Battle

A lawsuit brought by three prominent casino-operating California tribal nations targeting certain house-banked games...

Dan Katz

22nd June 2019 // Industry, Misc, News

Electronic Arts VP Says Loot Boxes Are “Quite Ethical,” Not Gambling

The tug-of-war between video game developers and governments over loot boxes continued this week when Kerry Hopkins,...

Haley Hintze

22nd June 2019 // Industry, Legal News, Misc, News

Germany’s Lower Saxony State Bans Unnamed International Online Payment Processor

As part of Germany’s ongoing efforts to block online-gambling operators licensed elsewhere in the European Union...

Dan Katz

22nd June 2019 // Legal News, News

U.S. Reps Introduce Appropriations Amendment to Defund Wire Act Enforcement

The United States Department of Justice recently pushed back its enforcement date for its new interpretation of the...