Paysafe Acknowledges Historical NETeller, MoneyBookers Data Breaches
Paysafe Group Plc, the company formerly known as Optimal Payments and the parent of such popular online-payment services as NETeller and Skrill, has confirmed in a London Stock Exchange announcement that consumer data for both NETeller and Skrill (earlier known as Moneybookers) was compromised during a pair of major hacking events that occurred in 2009 and 2010.
Paysafe had previously acknowledged that the hacking had occurred, but only recently released details of the twin attacks. In all, roughly 7.8 million current and former NETeller and Moneybookers/Skrill customers had at least some of their personal information stolen. Paysafe’s own NETeller brand included 3.6 million accounts affected by the breach, while the Skrill data theft (for another 4.2 million accounts) occurred before Paysafe acquired that brand earlier this year.
The London Stock Exchange announcement, issued on Monday as required by law, included the following information:
LONDON and MONTREAL (30 November 2015) – Further to the announcement on 29 October 2015 relating to historic personal data breaches, Paysafe Group Plc (LSE AIM: PAYS “Paysafe”, the “Group” or the “Company”), can update on the findings of its investigation, which are as follows:
• The illegally-obtained data in the hands of third parties relates to limited account details from 3.6m NETELLER accounts and basic personal details relating to 4.2m Skrill accounts. Less than 2% of those NETELLER and Skrill accounts were active in the six months to 1 November 2015. Such data does not include passwords, card data or bank account information. Paysafe engaged a major accounting firm as part of its investigation, which has verified these findings.
• The Company believes that this data emanated from the cyber-attacks in 2009 and 2010 and is not aware of any similar breaches since that time.
• The Company is confident that this data will not in itself allow any existing NETELLER or Skrill customer accounts to be accessed.
As previously announced on 29 October 2015, in 2010 the Company’s subsidiary NETELLER was the target of a cyber-attack, which resulted in certain customer information being stolen. NETELLER reported this to the appropriate authorities at the time, and a third-party, independent forensic report was undertaken by a major accounting firm. The recommendations of the report were then followed and security was significantly strengthened with the aim of taking NETELLER beyond the industry standard.
The Company became aware that around 1,500 customers subsequently had their accounts compromised following the 2010 cyber-attack. The Company immediately took action to restore these accounts and all customers were reimbursed. The Company is not aware of any other reimbursal requests related to this incident since 2011.
In 2015, the Company bought Skrill Group. Skrill (then operating as Moneybookers) had experienced a cyber-attack in 2009, which resulted in customer information being stolen. As with NETELLER, Skrill reported the hack to appropriate authorities at the time. A third-party, independent forensic report was undertaken by a major accounting firm. The recommendations of this report were then followed and security was also significantly strengthened.
The Group’s executive management team, IT leadership and security protocols and standards have changed considerably since the breaches more than five years ago. The significant investment made to cybersecurity in recent years will continue into the future as Paysafe works to ensure it has the appropriate systems in place to defend against cybersecurity threats.
No declaration was made by the company regarding the total amount of reimbursements made to the 1,500 customers it acknowledges had their accounts fully compromised. Neither did the company declare that it had, in fact, conducted any sort of examination of all active NETeller accounts at the time of the 2010 attack to determine if the 1,500 customer-reported accounts — from which one can infer that balances were drained — were in fact all of the affected accounts. Since it appears that the 1,500 acknowledged accounts were all self-reported by consumers, it remains possible that other thefts went unrecognized and, thus, unreimbursed. It’s a lesson that all online consumers must remain vigilant, no matter the size or reputation of the firms involved.
It appears that some outdated, historic data involving former US customers of NETeller was included in the hacked data. For about two years in the middle of the last decade, NETeller was the preeminent online wallet serving US customers of various offshore gambling sites. However, that channel was closed abruptly when the US moved against NETeller and its Canadian founders, also seizing at least $55 million in in-transit funds between NETeller’s online bank accounts and those of its hundreds of thousands of US customers.
That set up protracted negotiations that weren’t resolved until 2008, when NETeller and its founders reached a settlement with US authorities; the settlement also included the release of funds held by NETeller that had been frozen in US customers’ accounts.
Even though those US players’ accounts were not used after 2008, they were still part of the data stolen in the 2010 hacking attack against the company. Various news reports on Paysafe’s latest filing note that Australian data-security expert Troy Hunt has uploaded certain portions of the stolen data (which subsequently was sold and resold in the darker corners of the Internet) to his Have I Been Pwned website, which tracks at least 66 major corporate hacking breaches that have occurred in recent years.
This writer checked on her e-mail address that would have been on file with NETeller back in the 2005-08 timeframe and found that it was indeed included among the 3.6 million records at least partially stolen in the 2010 NETeller breach. A check of the e-mail address used brought this response via Hunt’s site:
Sadly, the hacking-related breach appears to include a complete listing of the information NETeller would have had on file, including (as can be seen at the bottom of the above image) “Account balances, Dates of birth, Email addresses, Genders, Home addresses, IP addresses, Names, Phone numbers, Security questions and answers, Website activity.” To me, that sounds like everything, including additional info generated as customers logged into NETeller’s own corporate site.
Empirically, this writer’s experience suggests that most or all former US customers of NETeller have long since had their account details stolen and passed on through the online world’s seedier channels, perhaps making this only recently acknowledged theft one of the major sources for the streams of spam — often gambling-related — that many of these older e-mail addresses have received throughout the years.