Threat Actor Claims Massive Bet365 Data Breach, Stolen Data Listed on Dark Web

By: Morgan Cipher, Senior Privacy Journalist

Last updated: June 23, 2026

  • A threat actor using the alias “pablomotos” is advertising what they claim is a massive database of bet365 customer records on the dark web.

  • The alleged dataset reportedly contains full names, IBAN bank account numbers, national identification numbers, and contact details spanning users from multiple countries.

  • Neither bet365 nor independent researchers have confirmed the authenticity of the data, and the claims remain unverified at the time of writing.

A threat actor operating under the alias “pablomotos” is advertising what they describe as a massive customer database allegedly linked to online gambling giant bet365.

The listing, surfaced by Dark Web Informer, claims to contain more than 120 million records stored in CSV format. If genuine, this would rank among the larger alleged data exposures involving an online betting platform in recent years.

The actor claims the dataset covers customers from the United Kingdom, Germany, Italy, the Netherlands, and Australia. At the time of writing, no independent party has confirmed the authenticity of the data, the scale of any compromise, or whether bet365 itself experienced a direct breach.

What the Alleged Dataset Contains

The threat actor’s advertisement describes a broad range of sensitive personal and financial information. According to the listing, the records include full names, email addresses, phone numbers, user IDs, country information, national identification numbers, and IBAN bank account numbers.

The seller specifically references several national identity systems within the alleged data: the United Kingdom’s National Insurance Number, Germany’s Steuer-ID, Italy’s Codice Fiscale, Australia’s Tax File Number, and the Netherlands’ Burgerservicenummer (BSN).

That combination is what makes this listing particularly alarming to cybersecurity researchers. Most breach listings expose only email addresses or passwords. The alleged dataset combines government-issued identifiers, banking details, and personal contact information in a single package, significantly increasing the risk for individuals whose data it may include.

The trend of bundling sensitive identifiers for sale is not limited to European data; cybercriminals are also selling South African personal records for pennies as breaches surge across the region.

Why This Puts Users at Serious Risk

Cybercriminals frequently use verified personal information to make fraudulent communications appear credible. Attackers may impersonate financial institutions, betting platforms, tax agencies, or customer support departments to trick victims into surrendering additional sensitive information. Datasets of this nature open the door to identity theft, financial fraud, phishing campaigns, account takeover attempts, and social engineering attacks.

The gambling sector has become an increasingly attractive target for cybercriminals for a specific reason. Online betting operators maintain large volumes of customer data, including identity verification documents collected to satisfy Know Your Customer (KYC) requirements under European and other regional regulations. That regulatory obligation, designed to protect users, simultaneously creates a centralized pool of sensitive data that criminals actively pursue.

Unlike breaches that expose a single data type, the combination of government-issued identifiers, banking details, and contact information in one dataset gives attackers multiple entry points.

A criminal armed with a victim’s name, IBAN number, and national ID can construct highly convincing fraud attempts that are difficult for victims to identify and dismiss.

Unverified Claims and What They Still Reveal

Dark web marketplaces regularly host listings for alleged corporate databases, but not every listing proves legitimate. Researchers advise caution when evaluating claims made on underground forums before independent verification becomes available.

Threat actors commonly exaggerate record counts, recycle older datasets from previous breaches, or bundle multiple sources together to inflate the perceived value of their offerings. The bet365 listing follows a pattern seen repeatedly in similar claims: a high record count, multi-country scope, and a mix of identity and financial data designed to command a higher price from prospective buyers.

At present, no public evidence confirms the authenticity of the data, the number of individuals actually affected, or the specific method by which the information may have been obtained. Treat the claims as unconfirmed allegations until further verification emerges.

What the listing makes clear, regardless of its authenticity, is a reality cybersecurity professionals have consistently highlighted. Databases that combine identity records, financial details, and account information remain among the most sought-after commodities traded within cybercriminal communities.

For users of platforms that collect this level of data, risk doesn’t begin only when a breach is confirmed. It begins the moment that information appears in circulation on the dark web.

About the Author

Morgan Cipher

Senior Privacy Journalist

Morgan combines a journalist’s curiosity with a security specialist’s precision. His reporting on data breaches, privacy laws, and encryption tech has been featured in several tech publications. At TorWire, he focuses on real-world threats and how to counter them, always with an eye on what’s next in digital privacy.
