PlayNow advises users to update passwords following security incident

PlayNow, the online gambling platform operated by the British Columbia Lottery Corporation (BCLC), has advised users to update their account passwords after detecting a security incident. The company reported a “credential stuffing” attack on July 24, triggered by unusually high platform traffic.

Credential stuffing involves cybercriminals using email addresses and credentials previously compromised from other databases to gain unauthorized access to user accounts. This attack exploits the common practice of reusing passwords across multiple sites.

PlayNow began in 2004 as a lottery ticket-purchasing outlet and has since expanded to include poker and other online casino games. The service, through partnership agreements, now operates in Manitoba and Saskatchewan.

BCLC President and CEO Pat Davis described the incident as “a deeply concerning incident and a cautionary tale for everyone with multiple online accounts.” He emphasized that there is no evidence of system compromise or theft of player login information from PlayNow’s systems.

Upon detecting the attack, PlayNow promptly locked down accounts suspected of being impacted and took measures to block access from suspicious sources. The company has urged users to refresh their passwords, particularly if they use the same credentials on other platforms.

Additionally, PlayNow notified relevant authorities and partner organizations in British Columbia, Manitoba, and Saskatchewan. Davis reassured users that “integrity and security are at the core of our business and our games.” He affirmed the company’s commitment to continuously evaluating and enhancing security controls to safeguard player information.