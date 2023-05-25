RALIEGH, N.C. (WNCN) — With mobile sports betting potentially becoming legal in North Carolina, experts are warning you should prepare to protect your personal information.

That’s because criminals have already been using access to those betting apps to steal cash.

In the last 5 years, Americans have legally bet more than $220 billion dollars on sports, and for scammers that amounts to a license to print money.

As the mobile sports betting bill makes its way through the general assembly, experts are warning that people across the state could become victims of scammers who are using sports betting apps to steal money using your credentials.

“The actual breach of security wasn’t necessarily done through any insecurities with the actual sports betting app itself,” said cybersecurity expert Tony Sabaj of Checkpoint Software Technologies.

They do it using a technique known as credential stuffing.

That’s where hackers buy stolen logins and passwords from the dark web.

Last week, the US Attorney in NY indicted a Wisconsin man who gained unauthorized access to 60,000 sports betting accounts using credential stuffing.

“Because people reuse IDs and passwords all the time, he took those same IDs and passwords and tried them on sports betting sites and was able to just log in as the users,” said Sabaj.

With a sports betting app, you need to enable something called multi-factor authentication.

“You put in your user ID and password normally your, an email account and a password and then it will require a secondary authentication,” said Sabaj.

Use a special password just for your sports betting app.

In fact, use different passwords for every account you have–and use good strong passwords that are unique.

Consumer Investigator Steve Sbraccia wanted to know is there anything the mobile sports betting companies ought to be doing or is all the security on the consumer.

“A lot of it’s on the consumer to make sure they’re taking advantage of some of the extra security settings that the app is providing,” said Sabaj.

You should also never link your sports betting app to your bank account or use a personal debit card as a source for cash.

Because those apps are not allowed to accept credit cards for betting, you need alternatives.

“I would use something like a PayPal where you put money into it or other services like that,” he said.

A reloadable debit card would also work.

You also need to check the permissions the app is requesting…

“Does a sports betting app need to know who my contacts are?” said Sabaj. “Does it really need my camera? Why does a sports betting app need my camera? It doesn’t’ he said. “It’s just going to need access to my location, my Internet.”

Remember the more data an app collects, the more information of yours is out there that could be accessed during a data breach.