Stake.com, an online crypto casino, has emailed customers to inform them that limited user data exposure occurred. This follows a security breach at Mixpanel, one of its third-party service providers.
Stake states that the incident did not involve unauthorized access to its platforms or infrastructure. User funds and passwords remain secure.
The breach originated with an analytics provider used by Stake, Mixpanel, as well as multiple other companies. Stake emphasized that Mixpanel cannot access Stake’s core infrastructure and that it fully contained the incident within its own systems.
Stake added that there is no evidence of any compromise to account credentials or financial information. It said that no one accessed its platform or infrastructure.
An SMS phishing, or smishing, attack breached Mixpanel, allowing an attacker to gain unauthorized access to its internal systems. The company detected and stopped the incident over the same weekend.
Yet, the provider later confirmed that the attacker exported files containing user profile data from numerous companies, including Stake, before the company fully contained the breach.
Mixpanel confirmed that the accessed data contained Stake user information, including usernames, email addresses, dates of birth, and phone numbers.
The attacker did not access any passwords, authentication credentials, or financial data.
Stake has implemented online monitoring services to watch for any more exposure of misuse of the data.
Stake says in response to the incident, it has taken the following steps. First, Stake verified that its systems were not impacted. It confirmed that Mixpanel fully contained the breach and ensured that Mixpanel secured its systems.
Right now, Mixpanel is working with law enforcement authorities as part of the ongoing investigation.
Stake has encouraged users to keep on being vigilant against potential impersonation or phishing attempts while emphasizing that accounts and funds remain secure.
