Quote:
Originally Posted by hawaiisteve
Guys... the more I think about my being hacked, the more it bothers me... Can someone educate me a little about how this could have happened?
Obviously, I do not have any specific information on what happened in your situation, only skim-reading what has been posted in this thread.
But if you're interested in broader information on the issue more generally, and how passwords are compromised more broadly, Google released a report about 10 days ago on this exact issue, which is online here:
https://research.google.com/pubs/pub46437.html
Short-version is that they found:
-788,000 potential victims of off-the-shelf keyloggers;
-12.4 million potential victims of phishing kits;
-1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums
In percentage terms:
0.04% Key loggers
0.65% Phishing
99.31% Data breaches and trading
Obviously, data breaches are by far the most likely source. A reasonable place to check if you were a victim of such a data breach is to put your email address into this service:
https://haveibeenpwned.com/
Quote:
Second, he had to either be targeting Pokerstars players specifically
While that's not impossible, the more likely situation is that the data breach came from a service that was connected to online gaming. For example, 2p2 itself was a victim of such a data breach some years ago. It does not take much imagination to check 2p2 user email addresses and passwords against PokerStars accounts (for example - I'm very much not saying that this happened, just pointing to this as a hypothetical example).
Quote:
OR he had to get familiar with Pokerstars, set up an account, deposit, etc.
With 110million+ customers world-wide, PokerStars isn't exactly a niche organisation any more.
Quote:
If he's targeting stars players, how can he get the info off our computers?
There's no evidence that this took place - see above.
If the hacker gained access to your email account, he could similarly see PokerStars activity (for example; again, this is just hypothetical).
Quote:
Can he see my IP address somehow while I'm playing?
Not at any reputable online poker site - some services, such as Skype, had (have?) a security flaw where this happens, but talking about IP addresses has no relevance to the issue at hand without some evidence of it. An IP address isn't a very sensitive issue, in the same way that having your home address doesn't allow a burglar to break in. It's unlikely that a hacker will steal your passwords by somehow stealing your IP address - that's not a tool/strategy that makes much sense from the point-of-view of a hacker in this circumstance.
If you had a millions of dollars of wealth in online accounts, it might be credible for a hacker to try to do that, but this seems like a distraction to me.
Quote:
My last log out was 3 hours before he logged in. I live in the Philippines and his IP address is in Canada. Cant' stars tell that his login was impossible as far as the distance and time between log out and log in?
IP addresses are not tied to physical locations. There's not a very good reason to suspect that a hacker is physically in Canada because some third-party online service suspects that most users of a given IP address is in Canada.
Quote:
Any input would be appreciated and hopefully give me a little peace of mind. Since then I've changed all my passwords, enabled PIN and SMS in stars. Any other precautions you could recommend would help also. Thanks!
The PokerStars SMS Validation service appears to be excellent - use that, and you should be fine. In my personal case, I have the SMS Validation service activated and nothing else, and believe that this will be very secure for my needs.