Tag Archive for: casino

Another Biloxi casino suffers cyberattack as hackers access customer loyalty database

/in


Beau Rivage Resort & Casino and Harrah’s Gulf Coast Biloxi are open and working around computer issues as their parent companies continue to deal with cyberattacks.

Caesars Entertainment said Thursday in a filing with the Security and Exchange Commission that it recently discovered suspicious activity following an attack on an outsourced support vendor used by the company.

The parent company of Harrah’s Gulf Coast on Sept.7 said it determined the attacker got a copy of the company’s loyalty program database. Caesars Entertainment has one of the largest customer databases of any casino company.

Caesars said its casinos and online gambling program were not impacted, but the attack may have exposed customers’ driver’s license numbers and social security numbers.

“We have no evidence to date that any member passwords/PINs, bank account information or payment card information were acquired by the unauthorized actor,” Caesars said, and has seen no evidence the data was shared.

The company is offering credit monitoring and identity theft protection to all loyalty club members who call 888-652-1580 from 8 a.m.-8 p.m. weekdays. Customers will be notified affected by the hack.

Harrah’s Gulf Coast in Biloxi is one of the Caesars Entertainment casinos that may have been seen customer information revealed in a cyberattack.

Harrah’s Gulf Coast in Biloxi is one of the Caesars Entertainment casinos that may have been seen customer information revealed in a cyberattack.

Caesars said it doesn’t know the costs of the attack.

The Las Vegas Review-Journal cited sources who said the company already paid tens of millions of dollars to the hackers.

MGM update

MGM Resorts International, parent company of the Beau Rivage in Biloxi, said Friday its website is back online and operating in a limited capacity.

The company posted answers to frequently asked questions and said it would post updates to the MGM Resorts Twitter handle.

Beau Rivage Resort & Casino in Biloxi is working around technology issues as its parent company deals with a cyberattack.

Beau Rivage Resort & Casino in Biloxi is working around technology issues as its parent company deals with a cyberattack.

Reservations for restaurants, entertainment and the spa can be booked on the company website and mobile app.

MGM announced the cyberattack on Monday and said its Website, email and electronic key entry to hotel rooms were among the systems taken down.

Systems were put in place to work around these…

Source…

Hackers Gain Control of Casino Card Shuffling Machine for Godlike Control Over Games

/in


“Basically, it allows us to do more or less whatever we want.”

Shifty Shufflers

The house doesn’t always win.

Researchers at the security firm IOActive say they’ve discovered that a card shuffling machine called the Deckmate, widely used by casinos and long thought to be impervious, is actually vulnerable to hacking, Wired reports — an exploit that could give a skilled cheater omniscient knowledge of every player’s cards.

The investigation was spurred by a gambling scandal last year, when during a game of poker, a newcomer holding a terrible hand called the bluff of a veteran player — a call so baffling that the commentator thought that the live graphics were displaying the cards incorrectly.

Accusations of cheating followed, along with an official investigation by Hustler Live Casino, the host of the scandalous game. The casino’s report concluded there was no evidence of foul play, and averred that the Deckmate used at the game was “secure and cannot be compromised.”

Under the Table

That’s where the IOActive researchers begged to differ.

“At that point, it’s a challenge,” Joseph Tartaro, a researcher at the security firm, told Wired.

Presenting at a Las Vegas security conference, Tartaro and his team found that the latest version of the card shuffler, the Deckmate 2, can be hacked through its exposed USB port.

They theorize that a conniving player could pretend to drop something, go under the table where the Deckmate lies, and plug a device into the USB port. And if physically plugging in a hacking device lacks subtlety, the researchers claim that it could also be hacked remotely through the Deckmate’s internal modem.

From there, cheaters could access the shuffler’s internal camera that watches the cards, and relay that data over Bluetooth to a phone held by a partner nearby who could communicate with a trick like hand signals.

As a test, IOactive researchers made a hacking device out of a Raspberry Pi, exploiting, among several vulnerabilities, faulty firmware that let them tamper with the Deckmate’s encrypted code without detection. They paired this with a Bluetooth app that displayed the hands of other players based on the data.

“Basically, it allows us to do more or less whatever we…

Source…

Hackers obtain personal data from 200K+ in southern Nevada casino data breach, class-action lawsuit says

/in


Class-action lawsuit filed after 2022 data breach

LAS VEGAS (KLAS) — A class-action lawsuit filed Wednesday alleges a southern Nevada casino’s computer systems were left vulnerable to a cyberattack, leaving the personal information of more than 200,000 customers and employees exposed, court documents said.

A hacker was able to access the sensitive information involving Rancho Mesquite Casino over several days in November 2022, documents said. Information accessed included full names and Social Security numbers.

The company operates the Rising Star Sports Ranch Resort in Mesquite, the Eureka Casino in Las Vegas and The Brook in Seabrook, New Hampshire, its website said. Two of the company’s properties were affected, documents said.

The class action, filed in Las Vegas court, alleges the company failed to provide “to provide timely and adequate notice” about the breach. The originating plaintiff is a California resident who said his computer was part of a ransomware attack, documents said.

A document in the filing, provided by authorities in Maine, said the company mailed notices of the breach in December 2022. The company was offered a dedicated phone line and one year of credit monitoring.

“On November 9, 2022, Eureka experienced a cybersecurity incident during which some of our systems were encrypted by an unauthorized actor,” a letter sent to those affected by the breach and included in the filing said. “Upon discovering the incident, we immediately took steps to secure our systems, began an investigation, and a cybersecurity firm was engaged to assist. Although the investigation is ongoing, we identified certain data that the unauthorized actor accessed during the incident. We began a review of the data and identified that the data included some of your information. Specifically, the data included your name and Social Security number.”

The lawsuit alleges the company failed to encrypt the sensitive information.

“Simply put, plaintiff and class members now face substantial risk of out-of-pocket fraud losses such as loans opened in their names, medical services billed in their names, tax return fraud, utility bills opened in…

Source…

Houston unknowingly hosted mail-order bride, casino posts on city website

/in


The page on Wednesday morning featured a spate of blog entries on a variety of confounding topics that were decidedly unrelated to City Hall. They were taken down by the afternoon, after the Houston Chronicle inquired about them.

The source of the blog entries, many of which were nonsensical, was unknown Wednesday. Mary Benton, the city’s communications director, said she alerted the information technology department to the posts. The listed author on the articles, a housing department employee named Ashley Lawson, did not actually write and post them, Benton said.

CITY HALL NEWS: Mayoral aide took bribe to help bar pass inspection, fast-track permit, records show

The entries appeared on the city’s news site, cityofhouston.news, a WordPress blog that does not share a domain with the city’s primary website, houstontx.gov.

Christopher Mitchell, the city’s chief information security officer, said no city information was compromised. 

“We were recently made aware of improper posts appearing on a blog site utilized by the city to allow individual departments to post departmental content,” Mitchell said in a statement. “The blog site is hosted on a third-party platform and is not connected to any City of Houston enterprise systems. At no point did the city experience a compromise of city systems, data, or information. The origin of the posts was from an active account that was no longer in use, and the city is taking all necessary precautions to correct the issue and prevent a recurrence.”

The posts, often in broken or garbled English, had appeared at least 29 times since Sept. 13, displayed as “uncategorized” entries among more routine posts about police and fire investigations and where to get a flu shot.

RELATED NEWS: Once again, Houston is cutting its tax rate — but that doesn’t mean your bill will go down

Source…