URGENT ! ! ! Many Pokerstars accounts hacked recently, Stars accepts no liability

  • 18 replies
    • SDK1987
      SDK1987
      Moderator
      Moderator
      Joined: 12.11.2008 Posts: 27,000
      That’s interesting news. Today I needed to make 2 questions with answers to improve the security of my PokerStars account. Maybe that will help the problems with hackers.
    • VorpalF2F
      VorpalF2F
      Super Moderator
      Super Moderator
      Joined: 02.09.2010 Posts: 8,901
      Hmmmm....
      I did not need to answer security questions.
      I do have a strong password, though, and it is one I use nowhere else.

      I suspect that rather than PokerStars itself being hacked, I'm guessing that there is a bot out there looking to grab players' passwords from their own machines.

      In any case, it it about time I changed my PokerStars password...
      VS
    • VorpalF2F
      VorpalF2F
      Super Moderator
      Super Moderator
      Joined: 02.09.2010 Posts: 8,901
      Cool,
      When I went to change my password, I had to provide the answers to two security questions.
      I guess I must have set them up a long time back.

      When I create security questions, I make sure that the answers have nothing to do with the questions.
      This way, even people that know me can't possibly guess the answers.

      For example:
      :diamond:   Q: What is your favourite football team?
      :diamond:   A: blancmange

      How do I then remember them?
      I don't -- I use a password encryption service for all my passwords.
      I've been using Lastpass for about 4 years now, and would never go back to anything manual.

      Cheers,
      VS
    • rompas
      rompas
      Moderator
      Moderator
      Joined: 12.02.2014 Posts: 2,366
      scary to see that more and more people last few days have been hacked, isnt it time to write a news article about it?
    • mineriva
      mineriva
      Bronze
      Joined: 30.04.2008 Posts: 913
      Cliff notes for the lazy reader:

      The has been a number of players reporting that their accounts were hacked.

      In all the reported cases the victim received an email from pokerstars confirming that the account had been hacked and alleging that the hackers knew the victims password and gained entry without any failed attempts.

      In most cases the hack emanated from a country different from which the victim plays. In fact in at least one case the hack emanated from a "restricted territory" and in another case the hack occurred so shortly after the victim had logged off but so far away that it would have been physically impossible to be the same person.

      The normal modus opperandi of the hackers would be to make a number of deposits. (in one case as many as 22 deposits were made from different cards/methods) Thereafter the hacker would play some games. Then finally the hacker will make a withdraw to a single source. These withdraws are then authorized and paid out immediately. In the cases where everything goes to the hacker plan the deposits are reversed and the victim is left with a negative balance.

      In at least one reported case the victim had limits in place. The hackers were allowed to raise the limits and continue to do the above scam. The victim was left with a negative balance of about 8x the limit he had in place.

      Pokerstars has informed the victims that they will not be allowed to play on pokerstars unless they settle the negative balance.
      Pokerstars has declined to give any details to the victims as to where their money had gone beyond the withdraw method used.
      (The best way to explain the implications of the above is by example: Pokerstars: "your account has been hacked and the hacker has made a fraudulent deposit which we now require you to honour". Victim: "please tell me what happened to the money" Pokerstars: "It was withdrawn to neteller but we have decided we will not give you the details of the account")

      NOW MY INPUT:
      There is a lot of players/victims making a lot of noise around the issue but my problem is the SILENT MAJORITY. It is all the recreational players who have fallen victim and is now expected to pay these negative balances. These people will not go to any forum and complain. They will not pay this money. They will simply go away.

      In a shrinking poker ecology we cannot afford to pro-actively alienate the very people that is keeping things alive.
    • Kyyberi
      Kyyberi
      Coach
      Coach
      Joined: 09.07.2010 Posts: 10,507
      Once again it is good time to remind everyone to get that security token.
    • metza
      metza
      Bronze
      Joined: 28.01.2012 Posts: 2,220
      Originally posted by Kyyberi
      Once again it is good time to remind everyone to get that security token.
      wtf? of course RSA token is good but how is that the conclusion you get from this? I'm sure you mean well but almost seems like victim blaming here.

      This is 100% on Stars imo, given how many completely suspicious things happened and somehow nothing comes up from actions that should have ticked off dozens of alarm bells?

      When I have tried to withdraw legitimately in the past to a credit card that had to be verified with scans of IDs with a name that MATCHES the name on my stars account, I still had to withdraw $X on skrill to the match the skrill deposit of $X before another withdrawal method was possible.

      While this was annoying, it seemed like a logical safety feature and I would've assumed Stars had a number of these in place.

      Yet somehow, someone can just put through a bizzare amount of deposits from a fkn foreign country, fake credit card not in the players name, then withdraw via completely different method (Neteller thats also not in players name) and BEFORE DEPOSITED FUNDS HAVE EVEN BEEN CLEARED AS LEGIT. The even more ridiculous thing is that some players have a Neteller of their own, tied to Stars and still the hackers were able to withdraw to a different Neteller account????

      This is the kind of shitty third rate security you expect from some random poker site that nobody has heard of before, not PokerStars...

      Then to expect the customers whose bankrolls never should have been allowed to be stolen in the first place, to also pay up for the funds that were withdrawn without proper verification, is an unreal joke.

      At least PokerStars PR team is doing a good job keeping this fairly quiet. Dunno how a Playtech owned site hasn't published a news article on this yet though, seems like they'd love a story like this?
    • Anomic
      Anomic
      Bronze
      Joined: 14.01.2012 Posts: 557
      Instead of hiring more models and celebs they should invest some money in not coming across like the worst pokersite in existence
    • metza
      metza
      Bronze
      Joined: 28.01.2012 Posts: 2,220
      Originally posted by Anomic
      Instead of hiring more models and celebs they should invest some money in not coming across like the worst pokersite in existence
      Hiring models is gonna backfire imo...

    • mineriva
      mineriva
      Bronze
      Joined: 30.04.2008 Posts: 913
      Naturally RSA would help but my point:

      Your losing rec play will not get RSA. If hacked will not complain on the forums and will not come back.

      The poker ecology loses.
    • GoOnCal1
      GoOnCal1
      Bronze
      Joined: 22.01.2015 Posts: 581
      http://pokerfuse.com/news/poker-room-news/26647-pokerstars-winning-battle-against-hacking/
    • pufarine
      pufarine
      Bronze
      Joined: 22.05.2010 Posts: 1,153
      @vorpal: can u please give some details about how lastpass works with pokerstars? I can t workitout... thanks!
    • VorpalF2F
      VorpalF2F
      Super Moderator
      Super Moderator
      Joined: 02.09.2010 Posts: 8,901
      Originally posted by pufarine
      @vorpal: can u please give some details about how lastpass works with pokerstars? I can t workitout... thanks!
      Hi, pufarine,
      To get Lastpass to auto-fill application passwords, you need to have a premium account, and the Lastpass for applications add-on

      The free version will auto-fill websites, but not applications.

      IIRC, when I had the premium version it still did not auto-fill the PokerStars password.
      So when I change my PokerStars password and temporarily forget the new one, I just go look it up.

      Several applications also did not work with Lastpass, so I did not renew the premium subscription.
      I may get it again though, as only the premium version covers mobile.
      You can read the features comparison here:
      https://lastpass.com/features

      You can read about Lastpass for applications here:
      https://helpdesk.lastpass.com/lastpass-for-applications/

      It has been over a year since I tried it last, maybe I'll try it again...

      Best of luck,
      VS
    • Kyyberi
      Kyyberi
      Coach
      Coach
      Joined: 09.07.2010 Posts: 10,507
      If someone can access your Stars account, you will probably lose your money. If not from withdrawals, by chip dumping. So to keep your money safe, invest couple of dollars to that security token.

      This instance is good to remind everyone who thinks "oh they are not after my money as I am not a high stakes player" that hackers are after everyone's money.
    • pufarine
      pufarine
      Bronze
      Joined: 22.05.2010 Posts: 1,153
      I see... ok, thanks! :D
    • Vygantas82
      Vygantas82
      Bronze
      Joined: 02.04.2010 Posts: 361
      i would recomend KeePass over Lastpass http://keepass.info/ It's free, open source, has many plugins and keeps your passwords localy in computer or USB. you can also synchronise it with dropbox/google drive if you want. many online poker players use it. And it has autotype for apps too http://keepass.info/help/base/autotype.html for browsers there are plugins, for firefox it's called KeeFox, other like chrome also have plugins for this app. There are many good lessons for beginers on youtube about how to use KeePass. Lastpass is not very good pass manager b/c many times seriuos security holes was found in it.
    • AlphaVillain
      AlphaVillain
      Gold
      Joined: 09.10.2014 Posts: 367
      I really don't think this is PokerStars's fault.

      The users clearly lost their passwords to a keylogger program. PokerStars didn't leak their passwords. If they don't even bother to use a half-decent antivirus, it's their own fault. They can't expect the entire world to look after them if they can't look after themselves in the most basic way. This is the problem with the world today, they blame everybody else for their actions except themselves. I call this a tax on stupidity. The hacker made a fair buck in my view. It's exactly what we do as grinders, we exploit weakness and tax stupidity.

      PokerStars also has FREE bonus security features, such as SMS validation. There's no need to spend anything on an RSA token, so there's no excuse for not securing your account except ignorance or laziness.

      Also, PokerStars can't know your name just from your NETELLER account number because NETELLER's policy probably respects privacy and will not provide your personal data to other people. Same thing with Skrill and other payment methods. The hacker probably used anonymous deposit and withdrawal methods, there's not much PokerStars could have done about it.
    • AlphaVillain
      AlphaVillain
      Gold
      Joined: 09.10.2014 Posts: 367
      I see now that he's also used a credit card to deposit. Maybe they could have been more careful about that.

      Some of the poster's expectations of PokerStars are just ridiculous.

      "however it raised no red flags when:

      -Makes 69 purchases from the PS Store , converting 1000 FPP's into $10 each time, even though I have not made any purchases from the PS Store in years, and no one in their right mind would convert 69,000 FPP's, as a bronze star, because you will lose a lot of value.

      -He proceeds to throw money away on the tables on games I don't usually play, even though more than 95% of my hands are played on HU SNG."

      He's using the VIP store to buy the cash bonuses that his VIP levels allows? Better freeze the account for safety.

      He switched games? Better freeze that account for safety.