[Nietzsche]

Hello,
I got today this e-mail from Ladbrokes (of whom I used to have a very good opinion) and I find it quite alarming. Has anyone else got this e-mail from Ladbrokes or someone else in the past?

We have identified that a number of our customers have had their customer I.D. and password details passed on to parties that we work with and unfortunately your account is one of the accounts affected. We would like to apologise for any inconvenience or concern this causes.
Naturally Ladbrokes takes any breach of security extremely seriously and we have taken a number of measures to protect customers including informing the UK Data Commissioner and Gibraltar Data Protection Commissioner.
Whilst we do not believe that any customer account has been compromised as a result of a breach, to ensure your continued security and peace of mind you may choose to change your password next time you log into your account. To do so follow these simple steps:
1) Login to your account using your existing username and password.
2) Go to the “My Account” section by clicking the header in the top right-hand corner.
3) A pop-up will appear showing your account section; choose “Password” from the tabs along the top of this screen.
4) Once complete you will receive confirmation that your password has been successfully changed.
If you have any comments or would like to discuss this matter further, our Customer Care team will be happy to help and can be reached on 0800 731 6191, or alternatively email care@ladbrokes.co.uk. Please do not respond directly to this email.
Finally, we’d like to take this opportunity to apologise again.
Customer Care,
Ladbrokes


The e-mail is genuine from Ladbrokes, they dont ask me for any details in the e-mail, except to go to the website and change my password.
I would love to know who are those parties they work with.

[benandjerry]

Thats clumsy. Could be affiliates I guess.

[princecharles]

Even if you believe 100% the email is from them, DON'T go to Ladbrokes through ANY link in the email.

Go to Ladbrokes from either a shortcut you have saved previously or type the name into the address space of the browser.

I don't think affiliates have password level access, and I would just change it up anyway.


GL

[benandjerry]

They pass along lots of account statistics on a daily basis to affils, not passwords, human errors... not that it makes it fine.

Havent gotten anything from them but changed my pw with them anyways.

[HeeeHAWWWW]

That's really embarrassing for a book of their size. Passwords should be encrypted and unreadable even to their tech team.

[Nietzsche]

I don't know what's more alarmaing and embarrassing for such a big reputable company (SBR rated A), the leak of ID and passwords, or the possibility (nothing mentioned in their e-mail, obviously) that they may have the passwords stored without encrypting.

I only once encountered a bookie that when I forgot my password, instead of e-mailing me a link to create a new password, they actually sent me an e-mail with my password written on it. Shocking! And the culprit: Jetbull.

[benandjerry]

It certainly is worrying, and quite embarrassing as you guys said. But I feel pretty confident had your accounts been compromised they would stand for it and correct the situation. I'm sure there are books that in a similar situation would just sweep it under the carpet. The experience I've had with them, if you exclude potential limiting for winners of course which drags them down, is that they're A+ through and through.

I would be surprised if they keep password databases unencrypted. As a matter of fact, for all we know the passwords they passed along were in encrypted format, there is nothing claiming otherwise, and they'd take similar security precautions regardless.