- Hackers didn’t need Paddy Power and Betfair users’ passwords to start building targeted scams using personal betting activity
- Even without card details, stolen emails and IPs can power highly convincing fraud attempts
- Gamblers are now prime targets for phishing messages tailored to their habits
A major data breach affecting up to 800,000 users of two popular online betting platforms has raised concerns about phishing risks and the role of artificial intelligence in exploiting exposed personal data.
The incident, confirmed by Flutter Entertainment, the parent company of Paddy Power and Betfair, compromised user IP addresses, email addresses, and online activity linked to individual gambling accounts.
Although no passwords or payment details were exposed, cybersecurity experts caution the stolen data could still be used to mount highly targeted attacks.
Passwords are safe, but you need to remain vigilant
Flutter, which operates several major gambling brands including Sky Bet and Tombola, acknowledged the breach and described it as a “data incident” that has since been contained.
The company has told users there is, “nothing you need to do in response to this incident,” although they were advised to remain vigilant.
With 4.2 million average monthly players across its UK and Irish platforms, the exposure of even a fraction of its user base could be serious.
Harley Morlet, chief marketing officer at Storm Guidance, warned those who regularly spend large amounts of money on these sites could be at greater risk.
“With the advent of AI, I think it would actually be very easy to build out a large-scale automated attack,” he told the BBC’s Today programme.
“Basically, focusing on crafting messages that look appealing to those gamblers.”
Tim Rawlins, director and senior adviser at the NCC Group, echoed those concerns, urging customers to be wary of emails that reflect their personal betting patterns.
“You might re-enter your credit card number, you might re-enter your bank account details, those are the sort of things people need to be on the lookout for and be conscious of that sort of threat.”
“If it’s too good to be true, it probably is a fraudster who’s coming after your money,” he added.
Rawlins also stated that AI is making phishing attempts harder to detect, noting a rise in the sophistication of fraudulent emails.
The risk is especially acute in spear phishing campaigns, where stolen data is used to tailor messages that closely mimic legitimate correspondence.
For users now wondering how to protect themselves, relying solely on a free antivirus or even a standard Android antivirus app might not be enough.
While an antivirus solution can block known malware, it’s less effective against cleverly written emails that coax victims into handing over sensitive information themselves.
Instead, a layered approach that includes caution, skepticism, and good cyber hygiene remains the best defense.
