Data Brokers Are Selling User Details of 300 Turkish Betting Sites

Last updated September 28, 2021
Written by:
Bill Toulas
Infosec Writer

A team of data brokers specializing in the Turkish internet has put up for sale a respectable database containing the user details of over three hundred betting sites. The names of the compromised sites that allegedly had their databases exfiltrated are listed in the screenshot that the seller has posted with the offering.

According to the hacker, 90% of these databases contain usernames, full names, IP addresses, phone numbers, email addresses, deposit/withdrawal amounts, player logs, activity details, etc. As for freshness, the actor claims the databases date from August 2019 to May 2021.

A tipster who has contacted the seller was able to obtain a sample of the data and shared it with TechNadu to help us determine the validity of the set, and we can confirm that it appears to be real. Moreover, the details that the seller is promising are to be found in the sample, but we obviously have no way to tell if the same applies to the entire pack. As for the price, the seller has offered access for $800 and even promised to update the files with new entries in the following weeks.

Source: TechNadu

The same data broker is offering an international betting sites pack, but we weren’t able to confirm anything about it. In general, the hacker appears to prefer betting sites because the value of accounts from such platforms is naturally elevated.

If you’ve created an account on one of the websites shown in the first screenshot of this post, consider your details compromised and treat all incoming communications with care. We don’t know how many people have bought this data, but it has been up for grabs for a couple of days already. Also, note that not all sites presented in the listing are Turkish, as we can see an Iranian platform, the Cyprus Casino, Milano Casino, and others that are of doubtful origin.

The possibilities for exploitation include phishing, scamming, account takeover, and credential stuffing attacks. Even if passwords are missing from the set, a malicious actor engaging in social engineering could reset them by providing other confirmatory information.

At the start of the month, we covered a story that indicated the scale of SQL injection attacks against Turkish sites, resulting in the exfiltration of valuable databases, so this appears to be a problem with many of them. Also, since the seller promises updates, we can deduce that most of these sites don’t realize the intrusion or just don’t bother to fix their security.


