PlayNow has notified all users to update their account passwords following a recent security incident. On July 24, 2024, the platform detected unusually high traffic, which was later confirmed as a "credential stuffing" attack.
In such cyber attacks, criminals attempt to access user accounts using email addresses and passwords leaked or stolen from other company databases. This attack exploits the common practice of using the same login credentials across multiple websites.
BCLC President and CEO Pat Davis commented on the incident: "This is a deeply concerning incident and a cautionary tale for everyone with multiple online accounts.
Our investigation is still ongoing, and we have not yet found evidence that our systems were breached or that player login information was stolen from our systems.
Integrity and security are at the core of our business and gaming. We are committed to continuously evaluating and enhancing PlayNow's security controls to maintain the security of our players' information."
As an emergency response, PlayNow has locked the affected accounts and implemented measures to block suspicious traffic. The company has also notified relevant authorities, including privacy commissioners and gaming regulators in British Columbia, Manitoba, and Saskatchewan.
As a precaution, PlayNow advises all users to change their passwords and ensure they do not use the same password across multiple websites.
In related news, Marina Bay Sands reported a similar security incident at the end of last year involving a data breach that affected about 665,000 non-casino loyalty program members.
