Hello,
I got today this e-mail from Ladbrokes (of whom I used to have a very good opinion) and I find it quite alarming. Has anyone else got this e-mail from Ladbrokes or someone else in the past?
We have identified that a number of our customers have had their customer I.D. and password details passed on to parties that we work with and unfortunately your account is one of the accounts affected. We would like to apologise for any inconvenience or concern this causes. Naturally Ladbrokes takes any breach of security extremely seriously and we have taken a number of measures to protect customers including informing the UK Data Commissioner and Gibraltar Data Protection Commissioner. Whilst we do not believe that any customer account has been compromised as a result of a breach, to ensure your continued security and peace of mind you may choose to change your password next time you log into your account. To do so follow these simple steps: 1) Login to your account using your existing username and password.
2) Go to the “My Account” section by clicking the header in the top right-hand corner.
3) A pop-up will appear showing your account section; choose “Password” from the tabs along the top of this screen.
4) Once complete you will receive confirmation that your password has been successfully changed. If you have any comments or would like to discuss this matter further, our Customer Care team will be happy to help and can be reached on 0800 731 6191, or alternatively email care@ladbrokes.co.uk. Please do not respond directly to this email. Finally, we’d like to take this opportunity to apologise again. Customer Care, Ladbrokes
The e-mail is genuine from Ladbrokes, they dont ask me for any details in the e-mail, except to go to the website and change my password.
I would love to know who are those parties they work with.
I don't know what's more alarmaing and embarrassing for such a big reputable company (SBR rated A), the leak of ID and passwords, or the possibility (nothing mentioned in their e-mail, obviously) that they may have the passwords stored without encrypting.
I only once encountered a bookie that when I forgot my password, instead of e-mailing me a link to create a new password, they actually sent me an e-mail with my password written on it. Shocking! And the culprit: Jetbull.
It certainly is worrying, and quite embarrassing as you guys said. But I feel pretty confident had your accounts been compromised they would stand for it and correct the situation. I'm sure there are books that in a similar situation would just sweep it under the carpet. The experience I've had with them, if you exclude potential limiting for winners of course which drags them down, is that they're A+ through and through.
I would be surprised if they keep password databases unencrypted. As a matter of fact, for all we know the passwords they passed along were in encrypted format, there is nothing claiming otherwise, and they'd take similar security precautions regardless.