The Heartbleed Security Bug: We Get the Lowdown from a Casino Industry Insider

The Heartbleed Security Bug: We Get the Lowdown from a Casino Industry Insider

There’s been a lot of buzz over the last week about a potentially serious security flaw called Heartbleed, and we’ve been quite worried by what this might mean for online gaming.

To find out more, we spoke to Leon Telander, who is CTO at the BetIt Group, the team behind Thrills and SuperLenny. He told us what Heartbleed is, how it works, and what effects it might have on players and casino sites both. Here’s the interview:

An estimated 500,000 sites have been affected. Is your casino among them? If not, why not?

Unless your server was running a really old version of OpenSSL, it was very likely running with this security flaw. What many people don’t know is that most modern online services have been running with this bug for a couple of years.

The minute we heard about the bug’s existence, we patched, or fixed, our version of OpenSSL to the newly revised version. That was more than a full day before the bug was publicly announced. That announcement, of course, put a lot of attention on the bug, and it was important to patch it before it was known to the whole world.

We took no chances and conducted a very thorough investigation, checking all user accounts that had logged in from multiple IPs and countries. We found no traces of intrusion or other evidence of abuse.

Does this bug pose a major security threat to your casino?

Not at all. Seeing the investigation came up empty, and the bug was patched before it was public knowledge, we feel we are very secure.

Have there been many questions from your customers as to how the site is dealing with Heartbleed, and whether the site and user accounts are vulnerable?

Not so many, but a few concerned customers have asked about it. I think that’s very healthy, and a good thing to ask about on any site you are using.

How often do these sorts of threats appear, and how serious are they really?

A security flaw like this is previously unheard of, and potentially very serious. I don’t recall any security threat like this having occurred before.

If left unpatched, all the information stored in the server memory is potentially available to people who know how to exploit it.

In the worst-case scenario, that means that user passwords, credit card details and other sensitive information can be reached, without leaving any trace behind. But as mentioned, there’s no risk of that with any of our sites.

Is there anything else you’d like to add to reassure your players?

We patched it, tested it and investigated all user activity since we opened our doors in December, so we’re as safe as can be. For example, I store my own real credit card details in my test account at Thrills. 😉

Players that are still worried can test for the bug here:

You can bookmark it and test any site you use — it’s a great tool.

Additionally, it doesn’t hurt to change the passwords on all your online accounts from time to time, especially if you are using the same password on several sites (which in itself should be avoided).

If one server is vulnerable, the bad guys might use information from that service to log in to others. So, after a big bug like this, however unlikely it is that you are personally affected, it’s never a bad idea to change the passwords on the various websites that you are using.

So there you have it from someone in the know, whose job it is to deal with these sorts of problems. Rest assured that your gaming is not at risk, although we do recommend you change your password on all your casino, email, and social media accounts. In gaming, as in life, and definitely on the Internet, take precautions!