A massive data breach at online betting platform 1win has now been confirmed by Have I Been Pwned (HIBP), affecting over 96 million users worldwide. The leaked data, which includes email addresses, phone numbers, IP addresses, dates of birth, geographic locations, and SHA-256 hashed passwords, has been circulating on hacking forums since November 2024.
Reports of the breach first emerged on November 7, 2024, when several media outlets and cybersecurity-focused Telegram channels revealed that 450 million rows of user data from 1win had been leaked. A Russian-language Telegram channel reported that a hacker using the alias “fe0dor” had uploaded the stolen database to the exploit.in hacking forum. That same evening, an official 1win Telegram channel, allegedly managed by the company’s CEO, confirmed the breach, admitting that part of the database had been exposed and affected approximately 100 million users.
The platform’s representative also revealed that the breach involved an extortion attempt. Initially, the attackers demanded $1 million to keep the data private. However, as negotiations progressed, the ransom request escalated to $15 million. When 1win refused to comply, the attackers began leaking portions of the database online to increase pressure on the company.
Shortly after the initial reports, a user named “Smartsol” on the BreachForums hacking site publicly released the 1win database, making it freely available for download. According to Smartsol’s post, the leaked data came from multiple internal tables, including:
- User database (28GB) – containing usernames, emails, phone numbers, account balances, and hashed passwords.
- Affiliate/partner database – reportedly containing over 418 million records related to 1win’s business partners.
- Administrator settings – internal configurations and saved settings for site administrators.
The inclusion of the data on Have I Been Pwned confirms its authenticity and makes it possible for potentially affected users to check if their data has been exposed to cybercriminals. The data breach alerting service clarified that 17% of the data was already in its database from previous incidents.
1win, an international online betting platform, operates in multiple countries and offers a range of casino and sports betting services. While the company has assured users that its current infrastructure is secure, the breach has sparked discussions about data security in online gambling. Similar incidents in recent years have affected platforms like Stake, Strendus, and Pin-Up, exposing sensitive user data that could be exploited for fraud and identity theft.
Web3-based gambling platforms — which rely on blockchain technology and decentralized finance (DeFi) principles — are positioning themselves as safer alternatives to traditional online casinos. These platforms highlight the benefits of anonymity and the elimination of Know Your Customer (KYC) requirements, reducing the risk of mass data leaks. However, in most countries they operate in legal grey areas or outright illegal contexts.
If you had an account at 1win, change your passwords on all platforms where you might be using the same credentials, enable multi-factor authentication, and monitor for unauthorized login attempts or transactions.