In April 2024, OPAP, Greece’s leading gaming and betting company, successfully thwarted a large-scale cyberattack targeting online player accounts. The company’s newly released annual report reveals the severity of the incident, highlighting the need for a coordinated and immediate response to prevent financial and data breaches.
The attack was detected on April 8, 2024, when OPAP’s Cybersecurity and Information Security Center identified unusual login activity on its online platforms, pamestoixima.gr and opaponline.gr. Security analysts noticed a massive number of failed login attempts, which triggered an automatic lockdown of multiple player accounts. The company’s cybersecurity team immediately launched an internal investigation, using its Player Account Management (PAM) system to analyze the source and scale of the attack.
The analysis revealed that hackers attempted multiple unauthorized logins, and in some cases, they tried to withdraw funds from compromised accounts. While the cyberattack specifically targeted OPAP’s online users, the company confirmed that its core systems and infrastructure remained secure.
OPAP responded swiftly and decisively, implementing a series of security measures to protect users. Accounts that had been compromised were automatically deactivated, and affected users received SMS notifications instructing them to reset their passwords before they could regain access. Any locked accounts required manual verification through OPAP’s customer service, ensuring a strict identity authentication process before reactivation.
To prevent financial losses, OPAP completely blocked withdrawals through unverified payment methods, eliminating the possibility of fraudulent fund transfers. The company also strengthened its cybersecurity protocols, reducing the maximum number of failed login attempts from five to three, significantly lowering the risk of brute-force hacking attacks. Additionally, OPAP introduced real-time security alerts, which activate when suspicious login activity is detected, such as attempts from unfamiliar locations or unauthorized devices.
Beyond immediate damage control, OPAP invested in long-term digital security enhancements to prevent future breaches. The company deployed advanced cybersecurity technologies, including Data Leakage Prevention (DLP) systems, which ensure that sensitive information cannot be transferred without authorization. OPAP also implemented cyber threat monitoring mechanisms, which use data analytics and real-time tracking to detect and neutralize potential threats before they escalate.
In total, OPAP’s Cybersecurity Operations Center successfully identified and neutralized 534 potential cyber threats throughout 2024, preventing any major security incidents.
