Optimal Investigates Hackers Potentially Obtaining Millions of User Records from Moneybookers and Neteller

November 11, 2015         By: Asif Imtiaz

Back in 2009, and later in 2010, security of two of the popular online payment companies, Moneybookers (now called Skrill) and Neteller, used in the gambling industry was breached.

At first, these two companies thought the attackers did not get access to valuable data. However, recently, Forbes disclosed that the attackers were able to gain access to sensitive data such as addresses, date of birth, and phone numbers of hundreds of thousands of users.

Reports also suggested that the consequence of the data breach was more severe with Neteller, as hackers were able to obtain answers to the “password hints” that users have saved as a way to later recover their passwords, in case they forget it.

An anonymous source handed the leaked database from Moneybookers and Neteller to an online security specialist named Troy Hunt. Mr. Hunt is the man behind the website “have i been pwned?” where anyone can check if any of their online accounts were breached in the past.

The source of Forbes said they knew about this widespread data breach for several years, but now wished to inform the users.

Moneybookers (Skrill) and Neteller are both owned by Optimal Payments, which used to be Neovia Financial.

After the case was reported to the UK’s Financial Conduct Authority (FCA), consultancy firm Deloitte made a formal investigation on behalf of Optimal Payments. However, Optimal Payments later told the media that they are certain that no user of these two payment processing companies have suffered financial loss due this data breach that happened in 2009 and 2010.

However, several security experts have said that despite any direct monetary loss, users of these two companies may have suffered from identity theft. That might have caused more serious problems. This is partly because most people do not use wallet service providers like Skrill or Neteller to store large sums of money, but their personal data can be used to cause greater harm later on.

The database that was given to Troy Hunt contained around 3.6 million and 4.5 million user data from Neteller and Moneybookers, respectively.