1Win Data Breach
1Win Online Betting Platform Breach (2024): 96 Million User Records Including Passport Numbers Exposed
Online betting and gaming platform.
Risk Interpretation
High risk of fraud, account takeover, and payment abuse. Gambling activity can also support coercive scams, financial targeting, and exploitation of problem-gambling behavior.
Impact & Downstream Threats
In November 2024 a hacker operating under the alias fe0dor published a 29GB archive containing data from 1Win's production servers on the Exploit.in forum, exposing approximately 96 million user accounts. The exposed data included names, email addresses, phone numbers, dates of birth, geographic locations, IP addresses, passport numbers, and SHA-256 password hashes stored without salting. The attackers initially demanded $1 million in ransom, which escalated to $15 million before negotiations co
- Credential stuffing against reused passwords across other platforms
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
1Win, an international online sports betting and casino platform, suffered a data breach in early November 2024 after a threat actor using the handle "fe0dor" exploited a server misconfiguration to access the platform's production systems. The attacker published a 29-gigabyte archive on the Exploit.in underground forum containing more than 450 million database rows. Researchers estimated those rows represented approximately 96 million unique user accounts, placing it among the largest recorded breaches in the gambling industry. The attacker initially demanded $1 million in ransom, later escalating that demand to $15 million before negotiations collapsed. 1Win's founder confirmed the breach publicly via Telegram and stated that infrastructure had since been secured. The exposed data included full names, email addresses, phone numbers, dates of birth, geographic locations, IP addresses, passport numbers, and password hashes. Those passwords were stored using SHA-256 without salting, a weak implementation that dramatically reduces the time needed to crack them through brute force. Security researcher Troy Hunt verified the dataset's authenticity in February 2025 and added it to Have I Been Pwned, notifying nearly 96 million affected email addresses. The combination of passport data, location history, and crackable passwords creates serious risk of identity theft, account takeover, and financial fraud. Because 1Win serves gamblers, the exposed data could also be used to target individuals with coercive scams or to exploit problem-gambling behavior. 1Win made no formal breach notifications to affected individuals in most jurisdictions where it operates. Because the platform serves European Union users, it is subject to the General Data Protection Regulation, and regulators in the United Kingdom and Germany opened scoping inquiries following the incident. Affected individuals should treat their 1Win password as compromised, change it immediately on any other account where it was reused, and monitor financial accounts and identity documents for signs of misuse.
About 1Win
1Win is an international online sports betting and casino platform operating under a Curaçao gaming license and incorporated in Cyprus. The platform accepts users across Europe, the Commonwealth of Independent States, Asia, and other markets, offering sports wagering, casino games, and live dealer products. 1Win is one of several large offshore betting operators serving markets where domestic regulation of online gambling is limited or absent.
Why They Hold Your Data
Online betting platforms collect highly sensitive account data, payment records, wagering history, device metadata, and bonus or affiliate activity across digital gambling services.
Recent Developments
1Win has maintained aggressive marketing activity across its target markets, including influencer sponsorships and digital advertising. The company operates in a regulatory gray zone in many jurisdictions, which limits formal oversight of its security and notification practices. The November 2024 breach was the defining event of the recent period.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, geographic_locations, ip_address, passport_number, password, phone_number
Dark Web Verification
- Dataset containing ~96.5M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: 1win-2024;1win Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of 1Win
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam