In the first part of this series, we looked at how the Safaricom data scandal allegedly began from inside the country’s biggest telco, where customer records, M-Pesa histories, betting patterns, device details, locations and other sensitive subscriber information allegedly walked out through insiders who understood that Kenya’s private digital life had become more valuable than land, tenders or even cash in a briefcase.
But the real scandal was never going to end with the people who allegedly accessed the data. A stolen database does not become dangerous because it exists somewhere in a laptop. It becomes dangerous when someone starts looking for buyers, when samples begin moving, when names of interested companies enter conversations, when payment language appears, and when people start discussing customer records like sacks of maize in a market.
That is where Part Two begins.
The complaint before investigative and regulatory agencies paints a picture of a data market that allegedly operated with frightening casualness. This was not the image many Kenyans have of hacking, where some mysterious genius sits in a dark room typing strange codes on a black screen. This was more ordinary, more Kenyan and therefore more disturbing. It allegedly involved insiders, WhatsApp messages, Google Drive links, samples, payment talk, middlemen and betting companies that understood the commercial value of knowing exactly who in Kenya was already gambling.
In the documents, Safaricom customer data is not treated like sacred private information belonging to millions of people. It is treated like a product. The complaint refers to forensic WhatsApp material said to contain discussions around samples, buyers, delivery, payment and specific betting-related customer information. The language attributed to these exchanges is the language of people who knew they were not dealing with ordinary contacts, but with information that could change the fortunes of companies fighting for gamblers in a crowded betting market.
This is the part Kenyans must understand properly. A betting company does not need just any list of phone numbers. It needs a list that has already done the hard work for it. It needs to know who bets, how often they bet, how much they stake, which platform they use, where they are located, what kind of phone they carry and how their M-Pesa life behaves around the betting habit. That is why the alleged Safaricom punters file was so valuable. It did not merely tell a company where people were. It allegedly told the company where the weakness was.
The complaint places the alleged breach between June 2018 and May 2019 and says up to 29.9 million Safaricom customer records were accessed, with the profile of about 11.5 million punters being of particular concern. These numbers are not just statistics. They represent a country whose private financial behaviour may have been exposed to commercial actors who did not ask for consent, did not receive permission and allegedly saw opportunity where ordinary Kenyans saw only their phones, M-Pesa messages and betting slips.
The WhatsApp trail cited in the complaint is therefore central because it allegedly shows the movement from theft to monetisation. It is one thing for insiders to access data unlawfully. It is another thing for that data to be packaged, sampled, discussed and pushed towards companies in a sector where customer targeting is everything. The alleged market was not selling entertainment. It was selling access to people who had already demonstrated gambling behaviour, and that is why Odibets, Kwikbets and other betting companies sit at the centre of the story.
By the time the betting industry was exploding in Kenya, every operator knew that the fight was no longer just about having a licence, a website and a few adverts. The fight was for the punter’s phone. Whoever entered that phone repeatedly would control the habit. Whoever could reach a gambler at the right moment would increase deposits. Whoever could identify frequent players would save millions in blind advertising. In such an environment, a stolen file containing betting histories and M-Pesa-linked behaviour would not be a simple marketing tool. It would be a cheat code.
That is why the alleged WhatsApp market must be treated as the real bridge between Safaricom and the betting companies. It is the bridge between private customer records and commercial exploitation. It is the place where data allegedly stopped being an internal breach and became a business opportunity. It is also the place where investigators can follow the trail from the people who had access to the people who wanted the information, received samples, negotiated value, moved money and turned customer secrets into gambling intelligence.
The complaint refers to Odibets, trading under Kareco Holdings Limited, as one of the companies whose records are now part of the wider questions around how unlawfully obtained subscriber information allegedly moved into the betting industry. It also raises questions around Kwikbets and other betting companies, placing them in the broader trail that connects Safaricom insiders, stolen data, customer profiling and the commercial race for Kenyan gamblers.
This is why the matter cannot be sanitised as a normal corporate data incident. The issue is not only that customer information allegedly left Safaricom. The issue is that the data allegedly moved towards an industry whose profits depend on identifying people likely to stake money again and again. There is a world of difference between a leak of random contacts and a leak of betting behaviour. One exposes privacy. The other exposes weakness.
A person’s betting history is not just a number on a spreadsheet. It is a confession of habit. It can show desperation, addiction, routine, financial stress and emotional timing. A man who bets every Friday after salary is not the same as a man who places one random bet during AFCON. A student who stakes small amounts daily is not the same as a rich man betting casually for fun. A boda rider who loses and returns within hours tells a betting company something powerful about his psychology. When such information is allegedly extracted from telco systems and pushed into the betting economy, the scandal becomes moral, financial and criminal all at once.
What makes the WhatsApp trail especially ugly is the ordinary tone of the alleged communication. Kenya has always imagined corruption as something that happens in big offices, with brown envelopes, tenders, board minutes and signatures. But this kind of scandal belongs to a new era. The negotiations can happen on phones. The samples can move through links. The customer records can be stored in folders. The money can move through bank accounts, M-Pesa or intermediaries. The deal can be done without anyone touching a physical file.
That is why digital corruption is more dangerous than the old corruption Kenyans became used to. When someone steals money from a ministry, at least the theft can sometimes be seen in a stalled road, a ghost dam or a missing hospital. When someone steals behaviour, the damage is quieter. The victim continues living normally, not knowing that his identity, transactions, habits and gambling profile may have been turned into commercial ammunition.
The betting companies did not need to steal the whole country equally. They needed the people who mattered to their business. The complaint’s reference to 11.5 million punters is therefore the heart of the matter because it suggests that the real prize was not the entire Safaricom customer universe, but the gambling segment inside it. That is the crowd every betting company wants. That is the list behind the jackpot adverts. That is the secret audience behind the bonus messages. That is the group whose repeated losses can build empires.
Odibets grew during this same gambling boom, becoming one of the most visible betting brands in the country, while Kwikbets and other gambling companies also operated in a market where data advantage could mean faster growth, cheaper acquisition and sharper targeting. The documents now force the public to look beyond the colourful campaigns and ask how the customer bases were really built, which external lists were used, which intermediaries supplied data, which payments were made, and whether the private Safaricom information of millions of Kenyans became part of the betting industry’s backroom machinery.
The records now matter more than the public image. Customer database histories, marketing contracts, agency agreements, phone communication, M-Pesa transactions, bank movements and internal campaign logs from the period under review are the places where the truth of this scandal sits. The story is no longer about whether betting companies were popular. They were popular. The story is about whether part of that popularity was built using unlawfully obtained information that allowed selected operators to find gamblers with a precision ordinary advertising could never achieve.
This is also why the silence around the alleged corporate beneficiaries is disturbing. Kenya is very efficient when chasing small people but suddenly becomes philosophical when big money enters the room. Former employees can be charged, clerks can be questioned and middlemen can be named, but once the trail begins pointing towards companies with licences, lawyers, political friends and advertising budgets, the system starts moving like a tired donkey climbing a hill.
The WhatsApp market described in the complaint should therefore be read as the middle chapter of the scandal. It connects the alleged extraction of Safaricom data to the betting economy. It shows how customer information allegedly became a commodity. It explains why Odibets, Kwikbets and other betting companies cannot be treated as side characters in a story that was only about rogue telco employees. The data had value because there were buyers. The buyers had interest because the data could produce customers. The customers were valuable because betting companies make money from repetition, weakness and return.
This is the cruelty of the entire matter. The poor man thought he was betting against odds, yet the documents now suggest that the real game may have started long before he opened his betting account. His data may have already been sitting somewhere, discussed by people who knew his habits better than he imagined. His phone number may have been part of a list. His M-Pesa behaviour may have been part of a profile. His betting frequency may have been turned into a signal. His desperation may have been converted into market value.
The Safaricom data heist therefore exposes the rotten genius of the modern gambling economy. The companies do not only sell dreams. They study the dreamer. They do not only wait for the gambler. They look for him. They do not only advertise hope. They allegedly use data to identify the people most likely to keep buying that hope after repeated losses.
That is why Part Two of this series is about the WhatsApp market. It is about the moment customer data allegedly stopped being a stolen file and became a product moving towards people who could monetise it. It is about the messages, the samples, the alleged buyers, the intermediaries and the betting companies whose growth now sits under the shadow of Safaricom’s 11.5 million punters file.
In Part Three, we will move from the WhatsApp market into the money trail and examine how payments, bank records, M-Pesa movements, intermediaries and company records could reveal who financed the alleged data trade and who collected the rewards from Kenya’s stolen gambling map.