PlayNow suffers security breach across multiple provinces
BCLC says fewer than 1% of player base was affected
The British Columbia Lottery Corporation (BCLC) is advising all PlayNow users to change their passwords after a “credential stuffing” incident saw thousands of dollars in player funds stolen.
A BCLC advisory said players across three provinces had passwords stolen from other companies’ sites. “Credential stuffing” is a cybercrime attempt in which fraudsters attempt to access player accounts using email addresses and passwords that were previously exposed or stolen from other companies, based on the notion that people often use the same user ID and password across multiple websites.
PlayNow detected the fraud after noticing a suspiciously high volume of traffic on the site.
As well as B.C., BCLC operates PlayNow in Saskatchewan and Manitoba in partnership with the Saskatchewan Indian Gaming Authority and Manitoba Liquor & Lotteries.
Matt Lee, senior communications specialist at BCLC, told Canadian Gaming Business that while BCLC couldn’t provide specific numbers due to security purposes, the incident affected “less than 1% of our PlayNow player base in British Columbia, Saskatchewan and Manitoba, with the majority of users impacted in B.C.”
Approximately $4,000 in player funds appear to have been fraudulently withdrawn. Lee said BCLC is working with those players affected to deposit an equal dollar amount into their PlayNow account, plus two years of credit monitoring services at no charge.
Immediately after determining the fraud had taken place, PlayNow notified impacted players that their accounts had been locked due to suspicious activity and took measures to block the suspicious traffic. The lottery corporation has found no evidence that any of its systems have been compromised, or that player login information was stolen from its systems.
BCLC’s investigation remains ongoing and law enforcement authorities are also involved.
The lottery corporation warned users of the potential dangers of using the same password across multiple websites. Pat Davis, BCLC president and CEO, called the situation, “a deeply concerning incident and a cautionary tale for everyone with multiple online accounts.
“Integrity and security are at the core of our business and our games,” added Davis. “We are committed to continuing our ongoing evaluation and enhancement of PlayNow security controls to maintain the safety of our players’ information going forward.”
BCLC aims to ‘revolutionize gambling entertainment’
BCLC is currently embarking upon a five-year strategy that Davis says will “revolutionize gambling entertainment.’
Davis told SBC’s Media Manager, Charlie Horner, at the Canadian Gaming Summit in June that the strategy will be anchored around three specific strategic focuses.
“One of them is around what we call knowing play,” Davis said. “We ultimately want to have a clear understanding of our players and a 100% understanding of all wagers that occur across all of our platforms, and be able to personalize those experiences for our players.
“The second one is building a world-class rewards and incentives program to drive player engagement and loyalty. And the third is continuing our social purpose journey to generate wins for the greater good and amplify our impact not only for our players but also all of the communities that we operate in the province and the country and industry at large.”
The BCLC is set to launch a digital-first retail sportsbook this fall wherein customers will download and create bet slips on their devices before scanning them in the retail location. Davis called this process the latest development in the BCLC’s “journey of digital convergence.”