Thanks for the clarification; that makes more sense.

I actually think that trying to get a police investigation going is what will get you absolutely nowhere, but I certainly wish you the best of luck with it. Hopefully they have been helpful thus far.

Edit to add: You've mentioned a few times that your MB account was hacked, and nothing else. I think there's a good chance that's fairly meaningless. Several years ago, when I was foolish enough to use the same email/password account for everything, my Click2Pay account was compromised, and nothing else. I never found out how it happened, but it could have been from a forum or a poker site were I had little or no money. I suppose if you know for certain that email and password combo was used nowhere but poker sites where you have decent balances, it could have some importance; otherwise, it's irrelevant IMO.

FWIW:
Full Tilt Poker
Pokerstars
Party Poker
PokerTracker

I.e. zero overlap with you. Dead end methinks. My guess is each failed attempt is likely from a different user/password list.

I've occasionally had failed attempts and didn't pay too much attention to them, but since the start of this month i had started tracking them because of increased frequency:

Sun 12-May-13 1026am PT
Sun 19-May-13 448p PT

Have never had a Skrill security token (ordered it just now though.), so that has nothing to do with anything (aside from being an excellent extra layer of security).

Have never used Lock Poker.

AFAIK i have never been breached on any site anywhere. Tho during my most ******ed downswing (FL -2000bb) i wondered if someone had hacked my comp and could see my hole cards. :P I'm assuming i must just be bad, but it was pretty absurd, and i'm 0.6bb100 over nearly 1M hands.

My hope is that there is a clear paper trail of my funds moving in moneybookers and out. I informed them about the final transaction within 12 hours of it occurring.

You would assume that some way this money must be traceable to the culprit....

Multiple failed login attempts here as well for last 3 weeks or so.
I have an unique pw there and RSA token, so not super worried, but still its no fun knowing people are trying to hack you on a regular basis.

Think of all the web services that don't notify you on failed login attempts.

wow just found out about this thread, same stuff happened to me

latest ip was from france, i had a rsa token so no problem but i changed my email just in case.

im sure all our emails were leaked or sold to another company, im receiving so much spam in my mail box its sick

People posting "had RSA token so no problem" - are you suggesting that without the RSA token they would have gained access to your account? i.e. they knew your account password (or brute-forced it)?

I've never received a failed login attempt from Moneybookers so i'm not sure how its worded. If it's just a failed login attempt, then all this isn't that concerning (someone purchase some email list and is going trying accounts with a few common passwords seeing if any are compromised). However if both username+password are known, and they just fall short on the security token, then this is obviously a much more serious issue.

I mean would skrill tell me the password that was used if I rang them?

No, I asked when it happened to me. I was told that it's not possible for him to view the failed password.

Why are people saying that we should NOT change our passwords if they are secure?

Yeah I'm literally just off the phone to them and they have told me they don't have access to that information.

I mean that's obviously not true. If they really wanted to know then the information will be in their system somewhere even if it needs top level security clearance to reach.

I really hope it's not a moneybookers employee that has released this list and that they would be trying to cover for them.

OP, Have you gotten anything from Skrill regarding your lost funds or any clarifications?

I don't think it's a skrill employee, unless that employee only had the email addresses. Even if that was the case, wouldn't you expect more password guesses? One guess implies they are trying a single specific password, which has overwhelmingly failed.

For the people who had their account accessed, what other sites had your email/password?

For those who've used the same email/password and DID NOT get hacked. Who had your information, so we can eliminate them.

One thing which stuck out to me, I used WSEX with moneybookers in the past and they recently officially went busto, right?

Yeah I haven't had an account at Ultimate bet or wsex.

The sites I will have transferred money to in the last year are:

Stars
FTP
888
Lock
Skypoker
Betfair
Bet365
Paddypower

Don't think there are any more.

If there was a failed login attempt (because they didn't know the password) then there is no reason to change it. You are just opening yourself up to additional attack vectors. Say i don't know your password, but i gain access to your computer temporarily or can install a keylogger; now i just do a failed login attempt, prompt you to reset your password, and capture it, and now gain access to your MB account.

[this is just a quick example to hopefully demonstrate the point, i haven't fully thought it out. I'm not a hacker. But the overall point of not reacting to failed login attempts stands; your account is secure (by definition of failure) and you shouldn't allow a scammer to prompt a change in behaviour]

Makes sense tbh

I must preface this post by saying that I haven't had any failed login attempts, aside from where I have mis-entered the pw myself. However, it seems clear to me that skrill passes on email adds to third parties (see another recent thread on this). I am not sure this is official policy or just some employee selling lists on. Anyone who has joined any poker site will know this is common in the online gaming industry, and you often start getting random casino bonuses etc.

Now I know that skrill specifically must be doing this since I made a new email add in order to set up a skrill account and within a couple of days was getting the standard spam etc. At this time I had yet to use that email address for anything but skrill. But what was slightly more worrying was that many of these spam messages addressed me specifically by my (correct) name-which only skrill could have known linked to that email add.

Now this may be commonplace in the industry, whether or not skrill or other sites would admit it. Everyone might already be aware of this, and it may not be relevant to this thread, but I was slightly shocked and thought I would share my experience.

Is there a way to use a non-email address as the skrill login? It seems like an unnecessary security risk to allow all these dodgy vendors to have our login name.

My 2+2 and MB accounts have entirely different email addresses. My failed login email was on April 14, 2013. (It has a unique password and zero balance so they were quite unsuccessful.)

The question was asking about email address, not password. Right now there doesn't seem to be any suggestion that actual passwords were leaked somehow, just email addresses of accounts.

My personal case ill like to keep quiet until sorted... Still in discussions.

But I am personally very concerned about the amount of responses hear, there has been a clear widespread breach of our personal information from somewhere and a very dangerous criminal is now in possession of all this information and nothing is being done!

Really?

Why would it need to be a place where you have transferred money to? I mean I think it might just as well be a forum where you use the same email as you have registered for Moneybookers. Like say if they were able to use the Cardrunners passwords and just tried them for the email address to log in to Moneybooker.

I mean that's just one example. I'd assume they might just as well try if someone is using emails and passwords for Paypal or something.

Unless i'm misreading the thread, so far only the OP reported his account breached; everyone else is reporting failed login attempt emails.

fwiw i'm not privvy to any information and i haven't received any emails of any kind/

They have all confirmed they have security tokens