Risking More than Bets: Data Privacy Concerns in Leading Betting Apps for Super Bowl LVIII

0
883

PRESS RELEASE

 
Risking more than bets: data privacy concerns in leading betting apps for Super Bowl LVIII
 
With Super Bowl LVIII fever gripping the US, millions of sports fans are flocking to mobile betting apps for a piece of the action. But beneath the thrill of the game lies a troubling reality: many users are unwittingly gambling with not just their money, but also their personal data. The latest Incogni research uncovers some concerning practices of the most popular betting services. DraftKings emerges as the frontrunner when it comes to extensive data collection, while Caesars stands out as the most generous when sharing users’ data with third parties. 

Key insights

  • DraftKings collects the most data (22 data points), including your precise location, photos, videos, contacts, files, and docs. It even collects data about other installed apps, and messages.
  • Caesars, Sky Bet, and William Hill tied for second place (17 data points), all collecting data that includes purchase history.
  • Sky Bet gathers health information as well as users’ credit scores, which may extend to information about bank accounts, debts, and mortgages.
  • FanDuel collects a total of 14 data points. These include precise and approximate location, photos, and installed apps.
  • Caesars stands out as the most data-sharing app (14 data points reach third parties). This includes precise location and in-app search history.
  • BetMGM claims not to collect or share any data, which seems unlikely.
  • More than half of the investigated apps, including BetMGM, FanDuel, DraftKings, and Caesars, have been directly or indirectly affected by a data breach or hacking attack.
 
For years, sports betting was heavily restricted due to multiple scandals. However, legislation enacted in the past decade has opened the possibility of making new bets across multiple states. Given the buzz around the 2024 Super Bowl, concerns over data privacy loom larger than ever. 
 
Incogni, a personal data protection company, conducted research that sheds light on the data collection and sharing practices of the 7 most popular betting apps. Researchers analyzed 15 data-point categories to understand the scope of their data collection and sharing practices to better understand the risks involved for users. The findings are concerning: user data is extensively collected and shared, often without clear disclosure or transparency in privacy policies. 
 
DraftKings emerged as the frontrunner when it comes to data collection by gathering 22 data points from users, including precise location, photos, videos, contacts, files, and messages. Close behind it are Caesars, Sky Bet, and William Hill, gathering 17 data points each, including sensitive information such as precise location, in-app search history, health information, purchase histories, and credit scores, which may extend to bank account, debt, and mortgage information. FanDuel follows with 14 data points, including precise and approximate location, as well as information on installed apps. 

Breaches and data mishandling

We found that you don’t need to give up too much data to place bets on sporting events. However, the risks of giving up any data can be severe. The full impact of doing so is felt when a platform you use experiences a data breach.

We found that more than half of the companies behind the apps we investigated were directly or indirectly affected by a data breach.

  • BetMGM was hacked around May 2022 and had the personal information of 1.5M users breached. The information included names, email addresses, and phone numbers.7
  • FanDuel’s customer emails and names were accessed by hackers after a mail service provider was breached in early 2023.8
  • DraftKings experienced a data breach in late 2022, wherein unauthorized parties accessed information about 68K users. The information included names, addresses, phone numbers, and email addresses.9
  • Caesar’s parent company, Caesars Entertainment, had customer data stolen from a compromised third-party IT vendor. The company decided to pay half of the ransom for the stolen data, which has not been leaked as of writing.10
 
Caesars stands out for its extensive data-sharing practices. It shares 14 data points with third parties, including precise location and search history. Meanwhile, FanDuel shares “other info,” which, according to Google’s support pages, can include “[a]ny other personal information such as date of birth, gender identity, veteran status, etc.” Some data collection and sharing with third parties is understandable, as they are necessary to provide the service or proceed with payments. Nevertheless, these numbers of data points seem excessive. Unfortunately, the privacy policies of many betting apps can be unclear, raising questions about what data is actually collected and shared. 
 
Among all investigated betting apps, BetMGM claims not to collect or share any data. This is rare among betting apps, and might be attributed to the fact that Google can only partially monitor whether data collection or sharing disclosures are correct. 
 
Given that data breaches and hacking attacks have affected more than half of the investigated apps, including BetMGM, FanDuel, DraftKings, and Caesars, the risks of giving up any data can be severe. These findings underscore the need for users to be cautious when engaging with betting apps, especially during events like the Super Bowl, where heightened activity may attract malicious actors seeking to exploit vulnerabilities in these platforms.
 
“As consumers increasingly rely on mobile applications for entertainment and engagement, it should be a priority for developers and regulatory bodies to protect user privacy and data security. Clear and transparent privacy policies, stricter data protection measures, and proactive steps to reduce the risks of data breaches are essential in building trust and confidence among users” – underlines Darius Belejevas, Head of Incogni.
 
Having identified the top sports betting platforms in the US and UK, Incogni researchers collected information about their apps from the Google Play Store. In cases where several apps were published by the same company or with similar names, apps used for sports betting were prioritized.

*********************************************************************

2023-24 Area Conference Schedules: Conference and Team Links

Know some top athletic performances? Seeing some great teams in action?

We can use your help, and it’s simple.  Witness some great performances? Hear about top athletes and top teams in our area?

Athlete of the Week and Team of the Week:

Nominate an athlete or team: HERE

**********************************************

Pancakes or Waffles!  We feature top area athletes with our world-renowned feature. Send us your nominations for who you’d like us to interview HERE

College Athlete Roundup! We want to recognize student-athletes from the area who are competing at the college level. Send us information on college athletes from the area with our simple form HERE

Where are they Now? We feature athletes and difference makers from the past, standouts in sports who excelled over the years and have moved on. Know of a former athlete, coach, or difference maker who we should feature? Know of a former standout competitor whose journey beyond central Wisconsin sports is one we should share? Send us information on athletes and difference makers of the past with our simple form HERE

Baked or Fried! We also feature difference makers throughout central Wisconsin: coaches, booster club leaders, administration, volunteers, you name it. Send us your nominations for who you’d like us to interview HERE

We welcome your stories! Contact us at [email protected]!

David Keech
Author: David Keech

David Keech is a retired teacher and works as a sportswriter, sports official and as an educational consultant. He has reported on amateur sports since 2011, known as 'KeechDaVoice.' David can be reached at [email protected]