I'm sorry that my first post here it's going to be this one, but I think you should know this.
First of all, sorry for my English, but it’s not my mother language.
I want to tell you all this chain of events, so all can see what happened to me, can happen to anyone.
I’ve tried to reach an agreement with PokerStars, and until now I haven’t said anything. I thought that a site like PokerStars, supposedly the more secure in the world, could be able to accept when they had made a mistake and act like the company they say they are: players first.
My story perhaps it’s not really alarming because of the amount I’ve lost. $15K it’s a small amount if we compare it with the amounts that other people have in their accounts (or had in the FTP accounts), but if this happened to me, can also happen to anyone with $50k or $100k.
Before starting, I want to make all of you understand everything, so get ready for a wall of text: sorry for that. But I think that it’s interesting and can help others to see what some big rooms like PokerStars can do to anyone.
Many people have asked me if I had the RSA key, and the answer is: I had it, but not anymore. Nearly a year ago someone entered in my van and stole my laptop and everything (including the key). Because of that PokerStars made me create a PIN number so I could enter in my account. They sent me the PIN number by regular mail, and to activate it I had to send ID documents. I have seen that that’s not necessary anymore, but I’m not 100% sure of what happened in that time (I was really stressed). Well, the thing is I had a password and a PIN number.
The 18th of August someone hacked my mail accounts, one of the poker rooms I play (Poker770, I’m also waiting some news from them to see if I can recover part of the €2.200 the hacker played in the tables. Besides of that, he tried to empty my cashier). He also entered in my Neteller acc and emptied it, and the same happened to my bank account (in this case he only stole €2.300 thanks to the security system). I’ve already recovered the $3k from Neteller and the money from the bank (kudos to them).
When all this happened, I contacted with all the sites I play. With most of them, it was really fast, because I could call them by phone. With PokerStars, it was more difficult: they don’t have a phone number; I had to use the e-mail (I live in Spain, btw).
They decide to close my account for security reasons and also to check the last movements, to see if something strange had happened. Besides, they told me to open an e-mail account so I could talk with them, because they don’t have a phone number.
I opened the new account, and then I’ve already improved even more the security of my system, antivirus, antispyware, firewalls, etc. In fact I formatted the PC.
In the PS account, I changed passwords, e-mail, PIN number, etc.
Some days later, they send me the last movements of the Stars acc and everything seems to be OK. I only use the new e-mail acc to open with Stars. Few days later, I decide to activate again the account, so I ask them how I can make this. They only tell me that I have to send a copy of my ID card to the support mail. First time they say the quality is not enough, so I send it again, no problem.
All the e-mails I send from this acc are deleted afterwards I send them; just to be sure they are not there. The hackers usually try to attack again, so I tried my best to keep my acc and my information safe.
I keep waiting for the answer of Stars until suddenly, a Sunday I got a phone call from a fellow player: Javier Tazón (Muckedboy). He told me that someone had gambled more than $9k in the FL tables $50-$100 and $200-$400 (you can check that in my PTR: http://www.pokertableratings.com/sta...search/corbein
Of course, I sent and e-mail to customer support ASAP and they told me that my acc had been active for the last 2 days, that they sent me a new password AND PIN number to my e-mail acc (the hacker obv deleted them). All of this without calling me, and knowing that my accs had been hacked just a week ago. It’s more or less like if your bank sent an email with your credit card numbers and the PIN in the same mail.
When they check my acc, yes, someone have entered, played in the Limit tables (losing more than $9k) and he also changed my Neteller account and made a payout of the rest of the money: $5k. Stars checks everything, there wasn’t any chip dumping so the money was legally won by other players so they can keep it. Here I want to add something: you can’t change the Neteller accounts, not even when they have stolen everything inside, you can only change them with the ID check.
Someone entered, changed the number of an account (that had been there for three years, mostly because you can’t change that), from a non-Spanish IP (he/they used IP from India, Netherlands and Luxembourg) and after checking the process (two days) they allow him to get out all the money. There wasn’t anything suspicious at all. Wot?
The security department of PS.com told me that I’m responsible of the security of my accs since the beginning, and I have to say: yes, that’s true, but I want to add something: the mail acc was created only to talk with the room, not to make them send me anything at all, the room NEVER told me that they were going to change anything, (what’s then the use of changing the password and the PIN just before they block my acc?)
I’ve talking with them by mail and phone (they called me) and they say that the room have acted in goodwill and they thought that because I sent my ID, the acc was 100% safe. I found really incredible that someone in a security department tells me that an acc is 100% safe when I was hacked one week ago.
The acc activation process is, as they told me, this way (how the hell I could know that?) and NEVER had any problem (after my case, they are going to study again all the activation process) and following their T&C, I’m the only one to blame and the only responsible of what happens to my acc, even when they sent all de access data to an e-mail address because someone thought it was a good idea, because someone thought my acc was 100% safe. Of course, all of this with a lot of goodwill. Goodwill everywhere.
Now, you can think that they are right, but keep reading, there’s more. I sent them around 20 mails asking them to study my case again, and they always gave me the same answer: NO. Even with the Neteller thing.
I’ve been talking by phone (after asking for it by e-mail) a few times, and sometimes for more than three hours. All worthless. Nobody told me anything at all. It was my fault. Bye, bye money, we are sorry.
I’ve to say thanks to Muckedboy, because he started talking with other people, people that has a closer relationship with Stars than me. I’m not going to give names, but I’m really and deeply grateful.
This week, they have revisited my case for the 4th or 5th time, and I got an answer. After more than 20 mails, three hours of phone calls and people talking in my name, they have admitted that they are partly guilty in the problems surrounding the Neteller account.
Well, it was a real madness that they tried to blame me for that. Of the $15k, I only got back $5k. The rest of the money? Well, I can consider myself lucky, and please don’t call again.
The idea of making this public it’s not, by any means, an attempt to make people stop playing in the site. That’s something impossible and I don’t want that. What I want it’s to make all of you that anyone can suffer from this. The poker sites use the “legal void” to avoid any responsibility.
Imagine that this happens to Random Player, a guy without many friends and without contacts. Even if he had $100k in his acc, they would have told him “Sorry m8, more luck next time, we are not responsible of anything at all”.
I’ve recovered all the money from Neteller; my bank had insurance so I got it back. PokerStars it’s not a bank, but they keep our money like they were, so they should act like one. The security it’s a matter of the user, they wash their hands in nearly all the cases.
Also, another thing I want you to know, it’s that your money is much less safe in the cashier of PokerStars than in a Moneybookers or Neteller acc. The best thing is keep in the cashier the minimum to play and if you need, make a deposit (an instant process), instead of keeping the money in the poker acc, because if you get hacked, you are doomed.
Could I have avoided all this? Yes, for sure. If I had the RSA key perhaps the hacker couldn’t enter my acc (or at least had a harder time). If my e-mail acc had been in Gmail, perhaps nothing could have happened. If I were living in the Isle of Man I could go to their offices to get the PIN, but I also know is that if they didn’t send me my pass and PIN or acc number and PIN together, nothing of this could have happened.
The people that steal accounts in this way are professionals, so they know how to dodge the security in a lot of ways users don’t know. Accessing an e-mail account is much easier than it seems, but entering my Neteller acc, get the details of my credit card (I don’t use it online! I pay with PayPal)...
Perhaps the RSA key is 100% safe (I’m not sure of that). But I’m 100% sure that if the poker site sends you to hell, you are going to hell.
To end all this huge post, I want to talk about what I said before, and to those that think that I’m the only one to blame.
To activate again my acc, someone from the security department has contacted me by phone to give me the password and after that they sent the PIN to the e-mail. A more logical process for something that it’s supposed to be a “safety procedure”. Now they don’t send the two things necessary to access, and I don’t know if that’s the way it’s going to be from now on. Who knows, perhaps my incident have made the room change their ways. What I know it’s that to make things change they needed someone to lose the money. This time, it’s been me, for the “small” price of $9k.
If you have read all of this, thanks for all. I’ll try to answer all the questions anyone may have, but remember that my English it’s not very good.
You can also find me in my twitter account: corbein1, I'll try also to answer there all your questions