When the story surfaced, it was a bit of a mystery. Poker players reported being scammed for hundreds to thousands of dollars – up to $10K, in fact – through a third party via online gambling accounts.
Longtime poker pro Todd Witteles was one of the victims.
- On October 20. someone created a BetMGM online sportsbook account in his name in the state-regulated market of West Virginia. They did so with his full name, home address, and last four digits of his social security number.
- They then used the Global Payments processing method to transfer $10K of funds from Witteles’ bank account to the BetMGM account.
- The next step was to cash out $7,500 of it, from the BetMGM account to a Venmo debit Mastercard and then to another Venmo account, the one belonging to the thief.
- On November 4, they withdrew the last $2,500 from the BetMGM account in the same manner.
As Witteles discovered what had happened in early November, he reached out to the poker community on Twitter. He quickly found other victims, like Joseph Cheong, Joe Cada, and Angela Jordison. Others saw evidence of attempts to do the same, though either good timing or bank oversight saved them.
And once BetMGM and other site operators caught on, they began watching out for new accounts and contacting customers to verify their authenticity.
— Chance Kornuth (@ChancesCards) November 20, 2022
It wasn’t just happened via BetMGM accounts. There was action on other US-regulated sites like WSOP.com and DraftKings, for example, as well.
The common denominator appeared to be Global Payments.
WHO IS AT RISK?
– anyone who used eCheck/ACH
– anyone who has enabled 2fa via phone
– basically anyone who has trusted legal online betting institutions
– known compromised sites, draftkings, fanduel, betmgm, wsopcom
— Melissa Burr (@burrrrrberry) November 21, 2022
Mainstream Media Coverage
As Witteles dug deep into the various victims’ stories and reached out to the online sites and Global Payments, he ran into walls. None of them wanted to respond or issue statements, much less warn the public about what was happening.
However, the story hit a new level. First, sports bettors became victims via DraftKings. That brought the story to the sports news pages.
DraftKings users get hacked, accounts drained, can’t log back in https://t.co/b5VaOY23YD
— Darren Rovell (@darrenrovell) November 21, 2022
And when those sports-focused news sites reached out to Global Payments for statements, it worked. The story inciting fear in sports bettors and creating the possibility of serious market impact prompted Global Payments and others to respond to queries.
Online Entities Speak
One of the immediately-affected companies issued a public statement on its social media account, and that was DraftKings. In addition, a short investigation showed that players were victimized to the tune of nearly $300K, and DraftKings planned to make every player whole.
— DraftKings CX Team (@DK_Assist) November 21, 2022
Meanwhile, BetMGM, WSOP, and all other US-regulated sites neglected to mention anything on their social media pages warning players to keep their eyes open for specific activities.
BetMGM did comment to Front Office Sports to say that they were investigating the matter and working with their risk, payments, and compliance teams. “Player safety and security is of utmost importance to us.”
Global Payments finally issued a brief statement, seemingly to exonerate itself. “There has been no security breach or fraudulent accounts opened at our gaming business in connection with this investigation,” a spokesperson said. “The protection of our customers and their clients’ information and funds is our top priority, and we are working with these third parties to ensure any impacted individuals are refunded.”
BetMGM and Global Payments are finally taking the matter seriously and working to resolve the situation. When I called them 2 weeks ago, I was dismissed and mostly ignored. This is what publicity does for us.
Thanks to all who helped amplify the situation.
— Todd Witteles (@ToddWitteles) November 19, 2022
How to Protect Yourself
Of course, the first reaction of most players is to change their passwords for online accounts. That is never a bad idea, but that doesn’t appear to be the method by which the thieves stole from players.
The best way to protect from theft in this situation is to close all bank accounts that have used echecks to deposit to online betting or gaming accounts. Next, change the email address with every online gaming account.
Melissa Burr had some smart suggestions:
WHAT CAN YOU DO?
– Google how to lock your sim card (apple and Android are different)
– close down any associated accounts with eChecks – nuke forever get new account #
– change the associated email with the betting site and possibly nuke that email forever too
— Melissa Burr (@burrrrrberry) November 21, 2022
Phil Galfond did, too:
You can also email via the ‘Contact Us’ link at https://t.co/oSCdrVDPjw, if you’re like me and terrified of the phone!
They got back to me in <1hr and closed my account (per my request). Impressive customer service experience during what’s likely an extra busy time for them. https://t.co/CmlAl5rBbt pic.twitter.com/rbEEycIHCG
— Phil Galfond (@PhilGalfond) November 19, 2022
Above all, be aware. Check your bank account statements online and all igaming site accounts.