Brinztech Alert: The Alleged Database of 365Scores is on Sale

Dark Web News Analysis

The dark web news reports a data breach involving 365Scores, a widely used mobile app and website for live sports scores, news, and stats. A threat actor on a hacker forum is selling a database allegedly containing over 330,000 user records.

The asking price is set at $500, and the seller has explicitly stated a willingness to use Escrow, signaling confidence in the data’s authenticity. The compromised fields reportedly include Full Names, Email Addresses, Time Zones, and Preferred Languages.

Key Cybersecurity Insights

Breaches of sports media platforms open unique avenues for fraud, particularly targeting the intersection of sports fandom and gambling:

• Sports Betting Phishing: The most specific threat is related to betting. Sports fans are a prime demographic for gambling sites. Attackers can use the Email Addresses and Language data to send fake promotions: “Free $50 Bet Credit on [Major Gambling Site]” or “Urgent: Issue with your Fantasy League withdrawal.” The context of the user being a known sports fan makes these scams highly credible.
• Credential Stuffing: Users often view sports apps as “low risk” and set weak passwords (or reuse them). However, attackers know this. They will take these 330,000 emails and test them against high-value targets like DraftKings, FanDuel, or banking apps, relying on password reuse.
• Geographic Targeting: The inclusion of Time Zones and Languages allows scammers to time their attacks perfectly (e.g., sending a fake “match alert” with a malicious link just before a major game starts in the user’s specific region).
• Escrow Validation: The seller’s offer to use escrow suggests the data is likely genuine. In the dark web economy, escrow is the standard for “verified” transactions, reducing the likelihood that this is a fake bluff.

Mitigation Strategies

To protect the user base and mitigate regulatory fallout, the following strategies are recommended:

• User Notification: 365Scores should inform users about the breach. Crucially, they must advise users to change their passwords, especially if they use the same password for betting accounts or email.
• Phishing Awareness: Warn users specifically about gambling-related scams. “365Scores will never email you asking for deposits or offering external betting credits.”
• GDPR Compliance: Given 365Scores’ global reach, a significant portion of these 330,000 users are likely EU citizens. This triggers GDPR mandatory breach reporting requirements within 72 hours.
• Credential Monitoring: Implement backend monitoring to detect if the stolen accounts are being used for suspicious behavior, such as sudden changes in user settings or mass login attempts from unusual IPs.

Secure Your Business with Brinztech — Global Cybersecurity Solutions

Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback?

For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com