Threat Actor Claims to Sell bet365 Customer Data with 120 Million Records
A threat actor operating under the alias "pablomotos" has listed a database allegedly containing over 120 million customer records from UK-based betting giant bet365 for sale on an underground hacking forum. The post, made on 22 June, includes sensitive personal and financial data, such as names, email addresses, phone numbers, IBANs, national IDs, bank account details, and tax file numbers.
The samples provided by the threat actor feature entries from multiple countries, aligning with bet365’s global operations, which span Europe, North America, and Oceania, including Australia. The company has not yet publicly responded to the claims, and Cyber Daily’s inquiry to bet365 remains unanswered.
The incident highlights the ongoing risk of large-scale data breaches in the gambling and financial sectors, with potential implications for millions of users worldwide.
bet365 TPRM report: https://www.rankiteo.com/company/bet365
"id": "bet1782203515",
"linkid": "bet365",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '120 million',
'industry': 'Gambling/Betting',
'location': 'UK',
'name': 'bet365',
'type': 'Company'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '120 million',
'personally_identifiable_information': ['Names',
'Email addresses',
'Phone numbers',
'National IDs',
'Bank account details',
'Tax file numbers',
'IBANs'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Data',
'Financial Data']},
'date_detected': '2024-06-22',
'date_publicly_disclosed': '2024-06-22',
'description': "A threat actor operating under the alias 'pablomotos' has "
'listed a database allegedly containing over 120 million '
'customer records from UK-based betting giant bet365 for sale '
'on an underground hacking forum. The post includes sensitive '
'personal and financial data, such as names, email addresses, '
'phone numbers, IBANs, national IDs, bank account details, and '
'tax file numbers. The samples provided feature entries from '
'multiple countries, aligning with bet365’s global operations.',
'impact': {'brand_reputation_impact': 'Potential reputational damage',
'data_compromised': '120 million records',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential legal liabilities',
'payment_information_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'references': [{'date_accessed': '2024-06-22', 'source': 'Cyber Daily'}],
'regulatory_compliance': {'regulations_violated': ['Potential GDPR '
'violations']},
'threat_actor': 'pablomotos',
'title': 'Threat Actor Claims to Sell bet365 Customer Data with 120 Million '
'Records',
'type': 'Data Breach'}