Online Casino MyStake Has Failed to Inform Customers about a Data Breach for More than Eight Months

Online casino MyStake has failed to inform users for more than eight months about a personal data breach. The operator also did not take basic measures to secure accounts following a hacking attack that resulted in the exposure of data belonging to hundreds of players, Curaçao Chronicle reported.

The incident is linked to a publication that appeared on hacker forums in May 2025.

A PDF file containing login credentials for 540 MyStake user accounts was made publicly available. The document included email addresses and passwords.

Subsequent technical checks allowed specialists to access almost all of the listed accounts. They were also able to view unencrypted personal user data, including names, residential addresses, phone numbers, dates of birth and transaction histories.

After the breach was identified, the platform operator did not take standard response measures.

Users were not sent official notifications about the incident. Mandatory password resets were not introduced, and no warnings were issued about the potential risks of unauthorised use of personal data.

One of the experts involved in the review said the scale of the exposed data was a cause for serious concern. According to the expert, the lack of response from the operator has left users vulnerable. The risks include illegal use of credentials, fraud schemes, phishing attacks and unauthorised access to accounts.

MyStake operates under a Curaçao licence and is managed by Santeda International. The company controls a network of online casinos that includes Goldenbet, Velobet, Cosmobet and Rolletto.

Analytical groups DealMeOut and GAMRS said they plan to publish the findings of their review and submit the materials to regulators.

Earlier, Gambling Park reported on an investigation that pointed to the lack of legal force of Anjouan gambling licences.