The National Information Technology Development Agency (NITDA) said it has commenced investigations into an alleged breach of data belonging to thousands of betting customers on SureBet247 platform.
The story first reported by iAfrikan.com showed that the breach was discovered by an anonymous source who tipped off Australian security researcher and founder of haveibeenpwned, Troy Hunt.
The breach allegedly affected over 32GB of backups across 6 databases of various online betting assets.
“Within the databases, there is everything from user records to betting histories, the latter consuming more than 100M rows in one of the databases,” Hunt said.
iAfrica said it was able to verify that the breach of the database, which includes table names, list of staff, email addresses that belong to Surebet247.
Founded in 2011, SureBet247 is owned by Chessplus International, a Nigerian company which specialises in online gambling and casinos. The founders of the company are Sheriff Olaniyan and Olsaupo Badmus who met at the University of Ilorin in Nigeria.
Olufemi Daniel, desk officer of NITDA’s regulatory guideline NDPR told BusinessDay that the agency has made contact with the author of the article while it prepares to serve the betting company a query.
“We are also writing to the company to hear their side of the story,” Daniel said. “We will make an announcement when we have heard from them within the allotted time.”
The director-general of NITDA has asked the Data Breach Investigation Team to investigate the incident.
The company is yet to respond to queries on the alleged data breach. In the iAfrica report, Hunt claims SureBet247 was contacted 8 days after the breach was first discovered, but no action was taken by the company. Three days later, Hunt also tried to contact the Nigerian betting operator’s support team and got no response.
“It was only on Tuesday 31 December 2019, after I tried various methods of getting hold of the people at SureBet247, that eventually there was a response. However, the frustration continued as the company continued to display a nonchalant attitude to the potential security and data breach they could have suffered,” Tefo Mohapi, author of the story said.
NITDA told BusinessDay that it cannot take arbitrary actions when asked whether there was a penalty for lack of response from SureBet247.
“We have a process based on the principles of natural and that is what we are following,” Daniel said.
iAfrikan said there is a possibility that more betting customers beyond SureBet247 were affected.
“Upon closer inspection, it appeared that other online sports betting operators could be affected given the names of the databases that were shared with us,” Mohapi said.
