Betfair Account Recovery System Flaws Raise Alarms
Betfair, Europe’s largest betting exchange, has reassured its customers that it is fixing issues uncovered with its account recovery system.
A major security flaw was detected by users in recent days.
The alarm was raised with Betfair after people found that the account reset procedure for users with less than £100 in their account was simply to provide data such as the account name and holder's date of birth, neither of which are particularly hard to find out.
No additional means of authentication would have been required for an attacker to gain access to a user's account.
The Register goes on:
Betfair's T&C states that its users are "solely responsible for the security and confidentiality of [their] account. In particular, [they] agree to keep their username, password and/or TAN strictly confidential."
However, during registration, users are not offered the option of entering a username. Instead, customers have their email addresses automatically selected as their usernames.
- Aaron Goldstein, Gambling911.com
