BtoBet, the Macedonia-based company with headquarters in Gibraltar that sells online betting and casino software, has possibly suffered a security breach which resulted in the databases and code of its betting operator customers in Africa and South America being accessed by a non-authorized person or people. This has been partly confirmed by BtoBet who, through their legal representative, Aleksandar Mihajloski, a Partner and Attorney at Macedonia's Mihajloski & Popovska Law, has told iAfrikan that the security breach is "subject to an ongoing criminal investigation."

BtoBet is a developer of sports betting and online casino technology solutions. These include not only customer-facing solutions that facilitate the user betting experience but also back-office technology solutions for betting operators such as analytics and a "White Label Partnership" solution that can be personalized and re-branded by any betting operator who uses it.

"I make reference to my email dated the 6th of January, 2020. As explained in that email, my client has immediately acted and notified the respective law enforcement and regulatory authorities, whilst also notifying his direct customer. The situation you make reference to is subject to an ongoing criminal investigation. We have passed all the information related to this case to all the authorities involved," wrote Mihajloski when iAfrikan asked him about the security breach at BtoBet and whether the company was aware of it and had informed its betting operator customers.

Towards the end of 2019, BtoBet announced that it will be rolling out its new "Neuron 3" betting platform which is expected to be launched at the ICE London Conference during February 2020. The Macedonia-based betting technology solutions company has also been involved in an aggressive expansion program during 2019 targeting betting operators in Africa and South America.

BtoBet has a possible security vulnerability

Initially, it was not obvious that BtoBet could be the source of the security and data breach that saw iAfrikan publish the article detailing how SureBet247 had suffered a data breach. As previously explained, the anonymous source who initially contacted Troy Hunt, a security researcher and founder of haveibeenpwned, stated that they had "Dumps and more." Thus, this led to the initial investigation and research focussing on SureBet247.

However, as time passed and we inspected the data dump further, some clues started emerging.

The first clue was how some of the betting websites whose names appeared in the data looked the same. Further inspection of the source code of each of the betting operators whose customer databases were part of the data dump suggested that BtoBet could be the company whose systems were breached and whose customer databases and code were accessed.

SureBet247's website code references a BtoBet CDN (Content Delivery Network) along with many other BtoBet style sheets and JavaScript code.
Not only does it look similar to SureBet247's betting website, TopBet Uganda references some BtoBet scripts in its code.
BetAlfa is a betting operator based in Colombia. Their database also forms part of the data dump although it is smaller than that of both TopBet Uganda and Nigeria's SureBet247. As can be seen in the screenshot, their website also has a similar structure to those of the previous two betting operators I mentioned and it also references BtoBet's scripts and code.
Uganda's BongoBongo is an interesting case. Their data dump as part of the breach is the second largest behind SureBet247, yet its website appears not to be referencing any BtoBet scripts or CDN. However, the website states "Casino (coming soon)". Could this be the reason why their customer database was part of the BtoBet security and data breach?

Another peculiar part of the data dump is a 307KB database backup file named "BetWay.bak". Although the file only contains 78 unique e-mail addresses, it is not clear why it was on BtoBet servers. This is made even more curious because, when contacted by iAfrikan, BetWay wrote that "We have confirmed with Management and wish to reiterate that Betway in Nigeria does not operate on the BtoBet platform." This also seems to apply to all the countries they operate in across the continent.

However, I digress. With suspicions raised by the first couple of clues that we could be looking at a far-reaching security breach possibly affecting many betting operators that use BtoBet software, we re-inspected the data dumps.

Before long came another clue that seemed to prove the working hypothesis that it was BtoBet's systems that were breached: Hunt discovered that each of the betting operators' databases mentioned above which were part of the data dump had a lot of admin e-mail addresses (same e-mail address) at the beginning of each "Users" table.

After that came another clue that almost conclusively proved that BtoBet had something to do with the security and data breach.

Permissions on all the databases that formed part of the data dump also have a lot of references to Premierbet.

Initially, when looking at the permissions of all the databases that formed part of the data dump, it wasn't clear that BtoBet was being referenced in any way until we started searching Google for the two names that appear on them. That's when it became almost clear that BtoBet had very probably been breached, because Nikola Mijakovski's LinkedIn profile lists them as a "Principal Software Developer at BtoBet" while Blagoja Mileski's LinkedIn profile lists them as a "Technical Lead at BtoBet." Having previously tried to contact BtoBet and its Chief Marketing Officer without any success, I tried Nikola and Blagoja. There was no response after 24 hours. It was only when I contacted Bojan Gjorgjioski (Dotnet Developer at BtoBet) that I got an almost immediate response, although a rather strange one, as Bojan, without asking any questions or making any remarks, referred me to BtoBet's legal representative.

Initially, BtoBet was not forthcoming regarding the breach, with Mihajloski sending a confusing message, but it would somehow later confirm the breach as mentioned at the beginning of this article.

"Respected, I am contacting you OBO my client BTOBET, regarding the information you have requested via email from members within the organization. Kindly be informed that we have notified the respective law enforcement officials and all the legal measures determined by the law are undertaken from their side. Whilst no serious digital breach has occurred, we have already taken all the necessary measures against unauthorized access by any malicious third party."

Rise of online and mobile betting across Africa

There has been a marked increase in sports betting across Africa over the past 5 years, specifically online and mobile phone-based betting. This is shown not only by the number of physical betting shops you find across many of Africa's towns and cities but also by online activity.

One such indicator is how many people globally are searching for the phrase "sports betting." According to Google Trends, of the Top 10 countries from where people searched for "sports betting" during 2019, 8 of them were African countries.

Worldwide Google Trends report for people who searched the phrase "sports betting." Eight of the ten top countries to search for the phrase in 2019 were African. Source: Google Trends

BtoBet has also taken advantage of this growing trend like many other betting companies. During 2019, the company went on an aggressive expansion and marketing program announcing partnerships with many operators such as integrating their Neuron platform into SureBet247's betting operations, deals with betting operators in Kenya, Nigeria, Namibia and Uganda, and launching its White Label Partnership Program in South America, among numerous others.

It is not clear what is to happen next and whether other customers of BtoBet are affected as well, because the anonymous source said that they were able to access BtoBet's systems and "escalate permissions." At the time of publishing, BetAlfa, BongoBongo, and TopBet Uganda had not responded to any communications from iAfrikan.

While SureBet247 is under investigation by Nigeria's National Information Technology Development Agency (NITDA), Mihajloski told iAfrikan that the alleged BtoBet security breach is under investigation by the Ministry of Interior of RN Macedonia - Sector for cybercrime and digital forensics.

This is a developing story and we will update it once new information becomes available.

