PokerStars US Data Breach: Cl0p Hackers Strike MOVEit File Transfer App, Affecting Over 100,000 Players

A security breach has been reported at PokerStars US, originating from a third-party software used for transferring files. TSG Interactive US Services Limited, operating as PokerStars in the United States, is notifying its American online players of a potential data theft incident. The breach is believed to have been perpetrated by the Russia-based hacker group, known as “Cl0p.”

The cybersecurity issue occurred due to a vulnerability in the MOVEit file transfer application, developed by the Massachusetts-based Progress Software Group (PSG). The flaw was discovered on May 31. PSG alerted its large client base about the incident while Cl0p posted a “zero-day” ransomware threat on the dark web concerning the stolen files.

In response to the incident, PokerStars US and numerous other companies ceased using the compromised MOVEit application and initiated an investigation. In a July 20, 2023, letter sent to affected players in Maine, PokerStars US detailed its immediate response upon discovering the vulnerability on June 2. They brought in external experts and notified law enforcement, assisting them with their investigations.

The company clarified that this incident affected only the MOVEit Transfer application and that all other services are functioning normally. The stolen data likely consists of player names, addresses, social security numbers, and other personal details.

PokerStars US has made the Maine Attorney General’s office aware of the breach. This notification to the Maine AG indicates that 110,291 of PokerStars’ American players might have been impacted, including nine from Maine. PokerStars operates online in New Jersey, Michigan, and Pennsylvania, but players from other states and countries can participate if they are physically in one of these three states.

The magnitude of the MOVEit breach goes beyond online gambling. According to Cybernews, nearly 400 companies have suffered from this massive breach.

In an official statement, a PokerStars representative confirmed the global cybersecurity incident affecting the MOVEit Transfer application and its impact on PokerStars. The statement assured that the breach only affected the MOVEit application, and all other services continue to operate as usual.

To mitigate the risk of identity theft, PokerStars is offering a complimentary 24-month membership to Experian’s IdentityWorks to the affected players in Maine. The company will send the offer along with recommendations to protect against potential fraud and identity theft via physical mail.