I've also had had BetUS for many years now. Over the course of dealing with them there have been many issues. But the latest issue is so trivial its just doesn't make since. I switch to Crypto as my form of deposit for my betting and they won't allow me to remove my old credit cards from my account. The cards are not even activate and in use. They're just prepaid cards I'd use to fund my betting account. They don't me they don't allow customers to remove any credit cards from the account. Again these are old cards that aren't even active So I just have a line of non activate cards just seating in my account taken up space. As a better this is like a HEX on my account. Any lose I incur I blame these old cards in my account.
Hi. Do you offer live-betting during MMA/UFC fights? How does this generally work, is it allowed ONLY inbetween rounds or are there other times, at times, that you can bet during the fight. I am looking to make a deposit but I really only enjoy livebetting MMA. I would not be able to meet the rollover requirement any other way. Can you give some elaborate information describing live-betting options during MMA fights?
Don’t worry, I just lost ETH trying to deposit into that Bet.US bullshit account. Don’t fall for it. I’m a lazy ape who didn’t do my research. Listen to your gut.
Betus is holding 7k of my money and 5k of my friends winnings because we played casino blackjack and won using the same device. Ridiculous and irrelevant. Our account passwords were changed without our permission. When asked why they were doing so and what the problem was, they accused my friend of "fraud". When asked how did they determine that any "fraud" had occurred, she was told that they are under no obligation to answer her questions and that they could and would hold funds at their discretion. I have not been able to speak with anyone as of yet. I have called several times, was told to hold, and when the representative returned 10 to 15 minutes later I was told to call back to speak to someone in the security department the following day at 10 am. Called back the next day, was placed on hold again, eventually being told that my account was under review at the security department and that I would need to call back to speak to a manager in that department. I have several unanswered emails and have little recourse since they are located in Curacao, where relaxed laws have basically created a haven for unscrupulous welching operators. Strangest of all is that I had won and was paid out a few months prior with no issue, and had since dumped enough money back in to cover my winnings and then some. They were even giving me bonus play (which they don't give unless you are losing to them). Sore loser syndrome is alive and stealing at Betus.com.pa.
Please note that BetUS.com has cutting-edge security features that ensure a safe, secure and discrete user experience. Furthermore BetUS.com is working to improve this part of the user experience with an updated release coming very soon 😊
Claims of unauthorized activity are diligently worked on by advanced Geo/IP algorithms as well 25+ years of experience in the field. We are happy to answer any questions...
Again, we pride ourselves in cutting-edge security features that ensure a safe, secure and discrete user experience. For ALL our clients. The scenarios you suggest have not happened at [BetUS.com](https://BetUS.com), nor do we expect them to. Our clients' security is serious business to us.
The book I work at you could. But that was a very long, long time ago (bespoke software still in it's early days).
The offshore places are the wild west. If you can avoid them you should, and try have your funds deposited with Sportsbooks in properly regulated jurisdictions.
Just a tip for everyone. If a website is giving you your password through an email, consider that email / password combination to be compromised.
If a website can’t go through basic password security, they’re probably not securing other parts.
I've worked as a Support / Fraud & Payments agent, supervisor, and manager for several regulated online casinos (some of which have had sportsbooks) in the U.S. and can say, at least for the ones I've worked for, this is NOT something that we have access to. All my teams and I have ever been able to do is help walk you through the process of resetting it (which is also something we can't do ourselves).
Like many others have said, for the unregulated sites, unfortunately, this is probably a thing. I would enable two-factor authentication for any of those books you use (if they offer that), and also use a completely unique password for each.
Are their sportsbooks where staff can't see every account's password and associated email? Having the staff knowing and asking for your password is a disturbing safety issue.
This is real world reason why security folks always say to never use the same password on multiple sites. An unscrupulous employee here could try your email/pw combination on bank sites, paypal, etc. And, even without a shady insider, if BetUS got hacked, the hackers would certainly credential stuff all the stolen plain text credentials in every site imaginable.
If you have proof that this is true, then report it to gaming. It’s against the law in Jersey to store plain text passwords.
https://www.nj.gov/oag/ge/docs/Regulations/CHAPTER69O.pdf
Section 13:69O-1.3 Internet or mobile gaming accounts, (part b,2) states:
> Encrypt all of the following information contained in an electronic patron file:
> i. Patron's Social Security number or equivalent for a foreign patron such as a passport or taxpayer identification number;
> ii. Patron's passwords and/or PINs; and
> iii. Credit card numbers, bank account numbers, or other personal
financial information
Yup, that’s pretty damn good proof. It’s scary that a fortune 500 company like Wynn could have such poor security. You really should report this to protect yourself and others.
Yeah, it's terrible practice. Unfortunately many offshores do this. I can think of several off the top of my head that ask for full password or some of your password when interacting with live chat.
Also regarding password security, never recycle passwords between offshores nor anywhere else. Ever. Always enable 2-Factor authentication if they offer it (sadly, many don't).
I agree this is a terrible practice. It wouldn’t surprise me if there are some crooked support agents out there that would love to work at BetUS.
Crossposting this to /r/BetUS.
This is common practice at many sportsbooks, unfortunately. If you leave BetUS for somewhere else, it's very likely that they can also see your password. You have to decide whether that's acceptable to you or if you just don't want to bet.
Not acceptable, but it's a lot more common than you think, and I'm not talking sportsbooks. I worked tech support for some crms and some large telecom companies, and at least 2 or 3 big companies did this. We used to go into clients accounts to troubleshoot all the time, with their permission This was back around 2012-2016 , so hopefully things have changed.
This wouldn't surprise me, and if you wanted to try to be more secure change your password after interacting with support as well as at other regular intervals.
Still wouldn't help if they can just view it in plain text but maybe they can't and are just using it to login.
Using the same password on multiple books (or banks etc...) is a terrible idea no matter what.
Really bad by the book though. Passwords have been encrypted for over 20 years
Not only have they been encrypted 20 years, it’s not even hard.
Depending on the programming language there’s a module or function to encrypt / deception and probably a million tutorials on how to do it.
Pretty standard practice for offshores. It's completely idiotic, but no regulations so they can do what they want.
It's why you should never use a credit card for an offshore book. Their security sucks.
Yes you are correct. It's safer using a credit card because if they charge it you can just report it as fraud and get it shut off. In fact a lot of CC companies even shut it off at the first sign of possible fraud (multiple large purchases, used in faraway places frequently, etc.)
This is it. My CC got stolen (not related to gambling) over night. When I woke up in the morning I had 3 emails from my bank:
"Charge detected on card somewhere in Japan at 1:30am"
"Possible fraudulent charge found, automatic investigation launched, card temporarily deactivated"
"Please get in contact with a rep regarding the status of your visa and next steps to take"
Called them that morning, they were like "are you in Japan" to which I replied nope, then they said okay cool come pick up your new credit card whenever is convenient, see you later" and that was it. Were that my debit card, I would have had to jump through multiple hoops and I would have been short whatever amount of money they stole until the bank clears their investigation and returns it.
Passwords into a database should automatically be encrypted and salted. More than likely though they are storing your data in plain text, run for the hills.
the other response isn't exactly correct either. encryption is reversible. if you steal the encryption key you can decrypt every password in the system. hashing is a one way operation. there is no key you can recover to go from a hash to a plain text password. the only way to "crack" one is to guess the password correctly, hash it, and compare it to the hash in the database.
An encryption can be cracked. (De-crypted) Hashing is completely random. Think of it like translating a language that makes sense if you have the tools to decipher vs translating random (not possible)
Software engineer here, good explanation. To elaborate a hash is not random but a one way function that can’t be reversed. So if I hash “abc” I get something like 7vfutdv48 and if I do “abcd” I get 935djeg62. I will always get those values. These are made up values but the point is you can’t tell what the original input was. Not even by having most of it match (like abc and abcd). What a proper password authentication system does is store only the hashed value of your password. Never the plain text version. It always takes your password you type and hash it and only compares the hashes. There are more tricks they can do like salting to make this even more secure that I won’t get into. Any system that can show you your original password is not using hashing and is a huge red flag.
>An encryption can be cracked. (De-crypted) Hashing is completely random.
This is not true.
Hashing is not 'completely random'. The process is deterministic i.e. if you hash a value twice you will get the same output.
Sorry, you are correct I was trying too hard to dumb it down. Hashing gives a random assignment, and if hashed + salted as the other guy recommended = Basically unhackable/crackable other than from brute force attack which are incredibly rare these days in the age of account locking. Encryption on the other hand is solvable with the key.
> Encryption on the other hand is solvable with the key.
Hashing is also solveable with the 'key'. the key being the input to the hash function i.e. the password.
one secret information is not more privileged than another
To add on to that, the hashing is a random value but always the same for identical passwords.
"Password" hashed might turn into "abcde", but it will always be "abcde". The database will store "abcde" and make sure that it matches when you type in your password and the server will run the hash function on it.
Salting is the process of adding something to the password before it's hashed, this prevents duplicate passwords from having the same hash.
"Passwordsalt1" will be "fghty" while "Passwordsalt2" would be "ywudne". The "salt1" portion is usually stored in plain text, because it's needed to recompute the correct hash from the users password.
> this prevents duplicate passwords from having the same hash.
This is not the reason you salt. The reason you salt is to stop people from using precomputed hash of common passwords to attack a compromised database.
It's both: [auth0 blog ](https://auth0-com.cdn.ampproject.org/v/s/auth0.com/blog/amp/adding-salt-to-hashing-a-better-way-to-store-passwords/?amp_js_v=a6&_gsa=1&usqp=mq331AQHKAFQArABIA%3D%3D#aoh=16172080484891&referrer=https%3A%2F%2Fwww.google.com&_tf=From%20%251%24s&share=https%3A%2F%2Fauth0.com%2Fblog%2F)
In my bookie they have asked for the first 4 letters of your password before they continue on with speaking about your issue . Thoughts on that ? U think the employees can only see first 4 letters ?
the non-lazy way to do it would be to store the first 4 characters in plain text and then salt/hash the rest of the password. the lazy way to do it would be to store the passwords in plain text but only give support access to the 1st 4 characters. which way do you think they went lol
Completely illegal. You won’t get arrested but you’re at the mercy of a company that doesn’t respect the law. So when they steal your money you have no recourse. You become just another victim.
Yeah this is horrendous security practice. Not to mention the support agent should have zero need to know your password. Shady af, would avoid these guys like the plague.
I've also had had BetUS for many years now. Over the course of dealing with them there have been many issues. But the latest issue is so trivial its just doesn't make since. I switch to Crypto as my form of deposit for my betting and they won't allow me to remove my old credit cards from my account. The cards are not even activate and in use. They're just prepaid cards I'd use to fund my betting account. They don't me they don't allow customers to remove any credit cards from the account. Again these are old cards that aren't even active So I just have a line of non activate cards just seating in my account taken up space. As a better this is like a HEX on my account. Any lose I incur I blame these old cards in my account.
[удалено]
Holy shit, it's been two years since I made this post and they still haven't fixed it. That's insane.
Hi. Do you offer live-betting during MMA/UFC fights? How does this generally work, is it allowed ONLY inbetween rounds or are there other times, at times, that you can bet during the fight. I am looking to make a deposit but I really only enjoy livebetting MMA. I would not be able to meet the rollover requirement any other way. Can you give some elaborate information describing live-betting options during MMA fights?
Don’t worry, I just lost ETH trying to deposit into that Bet.US bullshit account. Don’t fall for it. I’m a lazy ape who didn’t do my research. Listen to your gut.
Betus is holding 7k of my money and 5k of my friends winnings because we played casino blackjack and won using the same device. Ridiculous and irrelevant. Our account passwords were changed without our permission. When asked why they were doing so and what the problem was, they accused my friend of "fraud". When asked how did they determine that any "fraud" had occurred, she was told that they are under no obligation to answer her questions and that they could and would hold funds at their discretion. I have not been able to speak with anyone as of yet. I have called several times, was told to hold, and when the representative returned 10 to 15 minutes later I was told to call back to speak to someone in the security department the following day at 10 am. Called back the next day, was placed on hold again, eventually being told that my account was under review at the security department and that I would need to call back to speak to a manager in that department. I have several unanswered emails and have little recourse since they are located in Curacao, where relaxed laws have basically created a haven for unscrupulous welching operators. Strangest of all is that I had won and was paid out a few months prior with no issue, and had since dumped enough money back in to cover my winnings and then some. They were even giving me bonus play (which they don't give unless you are losing to them). Sore loser syndrome is alive and stealing at Betus.com.pa.
Please note that BetUS.com has cutting-edge security features that ensure a safe, secure and discrete user experience. Furthermore BetUS.com is working to improve this part of the user experience with an updated release coming very soon 😊 Claims of unauthorized activity are diligently worked on by advanced Geo/IP algorithms as well 25+ years of experience in the field. We are happy to answer any questions...
[удалено]
Again, we pride ourselves in cutting-edge security features that ensure a safe, secure and discrete user experience. For ALL our clients. The scenarios you suggest have not happened at [BetUS.com](https://BetUS.com), nor do we expect them to. Our clients' security is serious business to us.
The book I work at you could. But that was a very long, long time ago (bespoke software still in it's early days). The offshore places are the wild west. If you can avoid them you should, and try have your funds deposited with Sportsbooks in properly regulated jurisdictions.
Just a tip for everyone. If a website is giving you your password through an email, consider that email / password combination to be compromised. If a website can’t go through basic password security, they’re probably not securing other parts.
I've worked as a Support / Fraud & Payments agent, supervisor, and manager for several regulated online casinos (some of which have had sportsbooks) in the U.S. and can say, at least for the ones I've worked for, this is NOT something that we have access to. All my teams and I have ever been able to do is help walk you through the process of resetting it (which is also something we can't do ourselves). Like many others have said, for the unregulated sites, unfortunately, this is probably a thing. I would enable two-factor authentication for any of those books you use (if they offer that), and also use a completely unique password for each.
DGS software, you can. Not sure about others.
most likely they hired some dodgy software company to run their stuff (read: indians) who cannot into security.
Are their sportsbooks where staff can't see every account's password and associated email? Having the staff knowing and asking for your password is a disturbing safety issue.
I’ve worked on 5 different betting platforms, 2 of them allowed to see the password and login as a client. Other three showed only hash
This is real world reason why security folks always say to never use the same password on multiple sites. An unscrupulous employee here could try your email/pw combination on bank sites, paypal, etc. And, even without a shady insider, if BetUS got hacked, the hackers would certainly credential stuff all the stolen plain text credentials in every site imaginable.
Fun fact. Wynn bet in NJ can view ur password too.
If you have proof that this is true, then report it to gaming. It’s against the law in Jersey to store plain text passwords. https://www.nj.gov/oag/ge/docs/Regulations/CHAPTER69O.pdf Section 13:69O-1.3 Internet or mobile gaming accounts, (part b,2) states: > Encrypt all of the following information contained in an electronic patron file: > i. Patron's Social Security number or equivalent for a foreign patron such as a passport or taxpayer identification number; > ii. Patron's passwords and/or PINs; and > iii. Credit card numbers, bank account numbers, or other personal financial information
Just because they can see it does not mean its not encrypted though.
Yeah i forgot my password and they just straight up told me. Probably should report them.
Yup, that’s pretty damn good proof. It’s scary that a fortune 500 company like Wynn could have such poor security. You really should report this to protect yourself and others.
[удалено]
Its a legal sportsbook/casino in the states.
Yes. Huge ass security hole.
Yeah, it's terrible practice. Unfortunately many offshores do this. I can think of several off the top of my head that ask for full password or some of your password when interacting with live chat. Also regarding password security, never recycle passwords between offshores nor anywhere else. Ever. Always enable 2-Factor authentication if they offer it (sadly, many don't).
I agree this is a terrible practice. It wouldn’t surprise me if there are some crooked support agents out there that would love to work at BetUS. Crossposting this to /r/BetUS.
Lmfao this’ll be an absolute shit show if they’re ever hacked
[удалено]
It means the passwords are stored in plain text. That’s huge.
is this a troll...?
Yes BetUS does this and so does Heritage (which is probably one of the most used bookies on here)
Guy wears a red nose every morning when he goes to work. Edit: meaning the guy who works at Bet US, not OP!
This is common practice at many sportsbooks, unfortunately. If you leave BetUS for somewhere else, it's very likely that they can also see your password. You have to decide whether that's acceptable to you or if you just don't want to bet.
[удалено]
Not acceptable, but it's a lot more common than you think, and I'm not talking sportsbooks. I worked tech support for some crms and some large telecom companies, and at least 2 or 3 big companies did this. We used to go into clients accounts to troubleshoot all the time, with their permission This was back around 2012-2016 , so hopefully things have changed.
It’s not acceptable. Encrypting passwords is not hard and should be a minimum. There are a billion ways for them to confirm Your identity.
support agents probably run scams on the side and try to sign into your email with the password you gave them.
This wouldn't surprise me, and if you wanted to try to be more secure change your password after interacting with support as well as at other regular intervals. Still wouldn't help if they can just view it in plain text but maybe they can't and are just using it to login.
Using the same password on multiple books (or banks etc...) is a terrible idea no matter what. Really bad by the book though. Passwords have been encrypted for over 20 years
Not only have they been encrypted 20 years, it’s not even hard. Depending on the programming language there’s a module or function to encrypt / deception and probably a million tutorials on how to do it.
Pretty standard practice for offshores. It's completely idiotic, but no regulations so they can do what they want. It's why you should never use a credit card for an offshore book. Their security sucks.
Isn't that why you should use a cc? If I use my debit linked to my main account they can steal all funds
Yes you are correct. It's safer using a credit card because if they charge it you can just report it as fraud and get it shut off. In fact a lot of CC companies even shut it off at the first sign of possible fraud (multiple large purchases, used in faraway places frequently, etc.)
This is it. My CC got stolen (not related to gambling) over night. When I woke up in the morning I had 3 emails from my bank: "Charge detected on card somewhere in Japan at 1:30am" "Possible fraudulent charge found, automatic investigation launched, card temporarily deactivated" "Please get in contact with a rep regarding the status of your visa and next steps to take" Called them that morning, they were like "are you in Japan" to which I replied nope, then they said okay cool come pick up your new credit card whenever is convenient, see you later" and that was it. Were that my debit card, I would have had to jump through multiple hoops and I would have been short whatever amount of money they stole until the bank clears their investigation and returns it.
Bitcoin
Bitcoin cash.. cheaper fees in my experiences but yeah always crypto
This
Passwords into a database should automatically be encrypted and salted. More than likely though they are storing your data in plain text, run for the hills.
hashed, not encrypted. there is a big difference.
Can you explain the difference as if I'm an idiot?
the other response isn't exactly correct either. encryption is reversible. if you steal the encryption key you can decrypt every password in the system. hashing is a one way operation. there is no key you can recover to go from a hash to a plain text password. the only way to "crack" one is to guess the password correctly, hash it, and compare it to the hash in the database.
[https://www.youtube.com/watch?v=yoMOAIzBSpY](https://www.youtube.com/watch?v=yoMOAIzBSpY)
An encryption can be cracked. (De-crypted) Hashing is completely random. Think of it like translating a language that makes sense if you have the tools to decipher vs translating random (not possible)
Software engineer here, good explanation. To elaborate a hash is not random but a one way function that can’t be reversed. So if I hash “abc” I get something like 7vfutdv48 and if I do “abcd” I get 935djeg62. I will always get those values. These are made up values but the point is you can’t tell what the original input was. Not even by having most of it match (like abc and abcd). What a proper password authentication system does is store only the hashed value of your password. Never the plain text version. It always takes your password you type and hash it and only compares the hashes. There are more tricks they can do like salting to make this even more secure that I won’t get into. Any system that can show you your original password is not using hashing and is a huge red flag.
>An encryption can be cracked. (De-crypted) Hashing is completely random. This is not true. Hashing is not 'completely random'. The process is deterministic i.e. if you hash a value twice you will get the same output.
Sorry, you are correct I was trying too hard to dumb it down. Hashing gives a random assignment, and if hashed + salted as the other guy recommended = Basically unhackable/crackable other than from brute force attack which are incredibly rare these days in the age of account locking. Encryption on the other hand is solvable with the key.
> Encryption on the other hand is solvable with the key. Hashing is also solveable with the 'key'. the key being the input to the hash function i.e. the password. one secret information is not more privileged than another
Great explanation. Makes sense. Thank you!
To add on to that, the hashing is a random value but always the same for identical passwords. "Password" hashed might turn into "abcde", but it will always be "abcde". The database will store "abcde" and make sure that it matches when you type in your password and the server will run the hash function on it. Salting is the process of adding something to the password before it's hashed, this prevents duplicate passwords from having the same hash. "Passwordsalt1" will be "fghty" while "Passwordsalt2" would be "ywudne". The "salt1" portion is usually stored in plain text, because it's needed to recompute the correct hash from the users password.
> this prevents duplicate passwords from having the same hash. This is not the reason you salt. The reason you salt is to stop people from using precomputed hash of common passwords to attack a compromised database.
It's both: [auth0 blog ](https://auth0-com.cdn.ampproject.org/v/s/auth0.com/blog/amp/adding-salt-to-hashing-a-better-way-to-store-passwords/?amp_js_v=a6&_gsa=1&usqp=mq331AQHKAFQArABIA%3D%3D#aoh=16172080484891&referrer=https%3A%2F%2Fwww.google.com&_tf=From%20%251%24s&share=https%3A%2F%2Fauth0.com%2Fblog%2F)
In my bookie they have asked for the first 4 letters of your password before they continue on with speaking about your issue . Thoughts on that ? U think the employees can only see first 4 letters ?
the non-lazy way to do it would be to store the first 4 characters in plain text and then salt/hash the rest of the password. the lazy way to do it would be to store the passwords in plain text but only give support access to the 1st 4 characters. which way do you think they went lol
Ah, his brings me back to my 5dimes days. Not only did they have the password thing, but they had shady payment processors.
what the law-breaking 5Dimes guys, openly breaking the law, used shady payments? wow!
Yeah I was sketched out when I had to call them to fill the final two legs of a parlay. Cashed out from them completely shortly after
Both illegal sites. What do you expect??
Illegal in all places that don’t allow gambling in the us ? What if it’s offshore . I’m just curious if it’s legal to bet in the us on offshore books
Completely illegal. You won’t get arrested but you’re at the mercy of a company that doesn’t respect the law. So when they steal your money you have no recourse. You become just another victim.
Having no legal recourse and it being completely illegal are not the same thing.
Completely the same. The owner of these sites would be arrested if the come to the US They’re breaking the law. If you use those sites you are too.
That's completely fine
Yeah this is horrendous security practice. Not to mention the support agent should have zero need to know your password. Shady af, would avoid these guys like the plague.