BetVictor to probe internal password error
BetVictor has launched an investigation after it was revealed that a password list for its internal systems was made available to view on its betting platform.
The two-page document featured a list of links to back office systems, including a number of usernames and passwords.
Security researcher Chris Hogben uncovered the document through BetVictor’s customer support pop-up search box.
Hogben told ZDNet that the document, entitled ‘Logins/Links to Back Offices – Internal’, contained passwords to the operator’s trading platform, ticketing system and the Experian identity verification service.
According to Hogben, 11 of the passwords featured on the list were “weak” and easy-to-guess, while he also discovered that various other internal documents were accessible via the customer support box.
“With access to any of these systems, it may be possible to access sensitive company information and potentially even user-specific data,” Hogben said.
It is not clear how long the document was featured on the site, but Hogben said the file dated back to 2015.
BetVictor has since taken the list down and issued a short statement in response to the revelation.
The company said: “We are still investigating this matter with our third-party suppliers and cannot answer any specific questions at this point in time.”
Related article: BetVictor adds new betting features to #PriceItUp’