- Pirates do not need Paddy Power and Betfair users’ passwords to start creating targeted scams using personal Paris activity
- Even without card details, stolen emails and IPs can fuel very convincing fraud attempts
- Players are now main targets for phishing messages adapted to their habits
A major data violation of up to 800,000 users of two popular online platforms has raised concerns concerning the risks of phishing and the role of artificial intelligence in the exploitation of exposed personal data.
The incident, confirmed by Flutter Entertainment, the parent company of Paddy Power and Betfair, compromised user-user addresses, e-mail addresses and online activities related to individual play accounts.
Although no password or payment details have been exposed, cybersecurity experts warn the stolen data could still be used to mount highly targeted attacks.
Passwords are safe, but you have to stay vigilant
Flutter, which operates several major game brands, including Sky Bet and Tombola, has recognized the violation and described it as an “data incident” which has since been contained.
The company told users that “nothing you need to do in response to this incident”, although they were invited to remain vigilant.
With 4.2 million average monthly players on its British and Irish platforms, the exposure of a fraction of its user base could be serious.
Harley Morlet, director of marketing at Storm Guidance, warned those who regularly spend large sums of money on these sites could be more at risk.
“With the advent of AI, I think it would actually be very easy to build a large-scale automated attack,” he told BBC Today program.
“Basically, focusing on creating messages that seem attractive to these players.”
Tim Rawlins, director and principal advisor to the NCC group, echoed these concerns, urging customers to be wary of emails that reflect their personal Paris models.
“You could reintegrate your credit card number, you could reintegrate the details of your bank account, these are the kinds of things that people must be looking for and be aware of this kind of threat.”
“If it’s too good to be true, it’s probably a fraudster who comes after your money,” he added.
Rawlins also said that AI makes phishing attempts more difficult to detect, noting an increase in sophistication of fraudulent emails.
The risk is particularly acute in spear phishing campaigns, where stolen data is used to adapt messages that closely imitate legitimate correspondence.
For users, now wondering how to protect yourself, only relying on a free antivirus or even a standard Android antivirus application may not be enough.
Although an antivirus solution can block known malware, it is less effective against intelligently written emails that am up to the victims to put sensitive information themselves.
Instead, a layer approach that includes prudence, skepticism and good cyber hygiene remains the best defense.
