Password was changed, and not by me - Internet Poker

Two Plus Two Forums Online Poker Sites & Marketplaces Online Poker Sites Discussion of Poker Sites

Password was changed, and not by me

Post Reply Subscribe

...

11-17-2008 , 07:01 PM

hockeyav

Carpal \'Tunnel

Join Date: Aug 2007 Posts: 9,991

From: hockeyav
Sent: Mon 11/17/08 5:58 PM
To: support@pokerstars.com
I was locked out of my account for a few minutes while playing, and couldn't log back on because I had a temporary password assigned to my account. I rerequested a temporary password, regained control of my account, but the original request was not made by me.

My IP is (IP).x.x so would it be possible to not request any access to my account in the meantime from a different IP while I reformat my machine.

Also, is there anything else I can do, or you can tell me about this situation.

Thanks,

(hockeyav)

Anything I can do in this scenario, anyone had a similar issue.

Quote

11-17-2008 , 07:15 PM

wems

old hand

Join Date: Dec 2006 Posts: 1,853

mm yah definentally make sure there are no viruses on your comp, and change your password... im trying to get into a method where im changing my password every so often

Quote

11-17-2008 , 07:28 PM

CORed

Carpal \'Tunnel

Join Date: Sep 2002 Posts: 6,044

If I'm not mistaken, Pokerstars has a "forgot password" feature, whereby you can request a new password be sent to the email account you registered with them. That means that you should probably change your email password as well as your Pokerstars password, or create a new email account and register it with Pokerstars, and make sure that the email registered with Pokerstars hasn't been changed. You should also probably reformat your computer, in case your account was compromised by a keylogger.

Quote

11-17-2008 , 07:48 PM

hockeyav

Carpal \'Tunnel

Join Date: Aug 2007 Posts: 9,991

Changed my password, email password.

Went to girlfriend's computer, changed email password again/recovery questions. Awaiting pokerstars email while in the meantime going to run a virus scan/HJT.

Going to go and post the HJT log in computer/technical questions.

Nobody knew my password except my ex, but I really don't think that's where it came from (not that crazy and we didn't really end on bad terms). I just feel like it wouldn't have been a temporary password request if the person knew my pokerstars password too.

Quote

11-17-2008 , 08:06 PM

CORed

Carpal \'Tunnel

Join Date: Sep 2002 Posts: 6,044

Quote:

Originally Posted by hockeyav

I've never used the password recovery feature, but I would gues that what it does is sets a temporary password, emails it to you and forces you to change it when you log in with the temporary password. You are very lucky you caught it, as whoever did it could have set a new permanent password, changed the registered email, and drained your account very quickly.

If your email provider supports it (unfortunately many don't) I would suggest that you set up your email client to connect using SPOP rather than POP, as this encrypts the connection to the email server, eliminating one possible route to your email account being compromised.

Quote

11-17-2008 , 08:49 PM

hockeyav

Carpal \'Tunnel

Join Date: Aug 2007 Posts: 9,991

My ISP is my college network.

I'm not sure whether my school's email would be more or less secure than hotmail.

Quote

11-17-2008 , 09:04 PM

hockeyav

Carpal \'Tunnel

Join Date: Aug 2007 Posts: 9,991

Quote:

Hello Michael,

Thank you for your email.

As a standard procedure, I have closed your account while we investigate.

Please clarify the following:

1. How many computers do you use to play on Pokerstars

2. Do you have other family members or other people living with you that
may have access to your computer

3. Do you normally leave the "remember password" feature on

4. Have you ever provided your password to any other person

5. What is your relation with the player '*ex's account'

By answering these questions, we will be able to investigate into this
matter further.

Please let us know if we can be of any further assistance.

Regards,

Sean
PokerStars Security

Quote:

Thanks very much for the prompt response.

> 1. How many computers do you use to play on Pokerstars

I play only on my laptop, the only thing that changes is whether I'm playing from home on my home network, or at college on my campus network.

>
> 2. Do you have other family members or other people living with you that
> may have access to your computer

I have a roommate who has access to my computer, but my computer is usually closed with a password requiring log on while I'm away.
>
> 3. Do you normally leave the "remember password" feature on

No.
>
> 4. Have you ever provided your password to any other person
>
Not my PokerStars password, my exgirlfriend may have known my hotmail email password.

> 5. What is your relation with the player '*ex's pokerstars account'

My ex girlfriend who I would sometimes play on her computer/she logged on a few times on mine. However I don't think she's played in over a year unless you have some data saying otherwise.

I don't know if you're allowed to disclose any information about IPs, but if you have the information could you see if the request was made from a vcu.edu subnet ( I think it's a 128.172.x.x subnet) because that's where she goes to school now. Also could you possibly look into the temporary password request queries being incorrect with my home address being used instead of my school address (*old address*).

If it all possible I'm trying to figure if this came from someone within my school, from my ex girlfriend, or me possibly just having a virus on my system.

Correspondence so far.

Quote

11-17-2008 , 09:13 PM

ruof

enthusiast

Join Date: Nov 2008 Posts: 51

I don't mean to thread jack, but are passwords sent to stars in plaintext (the fact that there are *'s doesn't mean squat)? I have no clue. If they are sent in the clear, then that's a big security risk. It would be like doing online banking without an encrypted connection.

Quote

11-17-2008 , 09:37 PM

hockeyav

Carpal \'Tunnel

Join Date: Aug 2007 Posts: 9,991

I'm almost certain there is encryption. Besides, it wasn't my pokerstars password which was compromised, only my hotmail. If they had my pokerstars password they could have easily changed it without going through the temporary password.

Quote

11-17-2008 , 10:12 PM

#10

ruof

enthusiast

Join Date: Nov 2008 Posts: 51

If I were you I wouldn't just do a virus check. I would backup all your data, maybe do a double backup if it's that important. Then, format the hard drive and reinstall everything. Make sure you have all you need to install drivers though. Don't blame me if something ends up not working because your component manufacturer is out of business or something.

Some malware escapes virus detection.

Quote

11-18-2008 , 04:57 PM

#11

hockeyav

Carpal \'Tunnel

Join Date: Aug 2007 Posts: 9,991

Quote:

Hello Michael,

Thank you for your reply.

In regards to your concerns, note that your password was changed on Nov.
17th from your usual computer.

The password was changed with practically no problems at all, the person
who did this tried it three times and got it right, this was done from
this IP address 137.155.x.x, which is located on CHRISTOPHER NEWPORT
UNIVERSITY, VIRGINIA, SUFFOLK.

This means that the access, happened either from your computer and/or your
network. All the password requests were made from your own system and
location with no abrupt changes.

You might want to have your computer scanned to remove all possible
viruses or key loggers.

In this case, we would prefer if you could also provide us with a phone
number at which you may be reached in order to discuss this issue.

Please let us know if we can be of any further assistance.

Regards,

Sean
PokerStars Security

Quote:

My phone number is xxx-xxx-xxxx

The 2nd two password changes were done by me, the first on my computer, then the 2nd on my new girlfriend's computer (in case I did have a trojan/keylogger). I've run virus scans/malware scans in safe mode and feel my computer is completely clean now if it was a keylogger. I was playing while my password was changed the first time, so maybe it was possible that the logs have the wrong IP address since I was logged in while the password was changed (which is also why I caught it so fast).

I know the original request made at Mon 11/17/08 5:32 PM EST was not made by me. At that time I was playing 9 tables, when the pokerstars client gave me an error saying my password was incorrect (It essentially logged me out of the lobby, but continued to let me play while that happened). I had been on my computer since about 4 pm, never leaving it, so the original request was not made by me. My roommate who is the only person who ever has physical access to my computer was lying in the bed across from my sleeping from 4 until after all this passed over.

I feel like you're looking at the wrong IP address for the password changes. Although 2 were done by me (137.155.x.x), the first one was not done on my physical machine.

More correspondence.

Quote

11-18-2008 , 05:13 PM

#12

Maso777

Carpal \'Tunnel

Join Date: Jun 2008 Posts: 6,961

Keep us posted, I'm on the edge of my seat.

Quote

11-20-2008 , 02:27 AM

#13

hockeyav

Carpal \'Tunnel

Join Date: Aug 2007 Posts: 9,991

Quote:

exgf (6:36:46 PM): well since i didn't know that that situation was so serious, it was me that did it
hockeyav (6:36:58 PM): why did you do it?
exgf (6:37:28 PM): cause me and my friend were messing around on the computer and we were doing something where something popped up about poker and she mentioned 'didn't your ex play poker all the time' i was liek yea
exgf (6:37:34 PM): and she was liek hm i wonder how much he's made
exgf (6:37:55 PM): so i was trying to sign on to see, i swear on everything you know me for that i wasn't going to do anything else but look
hockeyav (6:38:20 PM): i was actually sort of hoping it was you, because atleast that means my computer is still secure
hockeyav (6:38:30 PM): i've spent days doing scans, analyzing my computer
exgf (6:38:36 PM): i'm sorry :[
exgf (6:38:52 PM): i didn't know it was that serious
hockeyav (6:39:02 PM): well i didn't know who it was, so that's what made it so bad
exgf (6:39:03 PM): like i thought it would just tell me your password
exgf (6:39:05 PM): not change it
exgf (6:39:10 PM): so i was like oh crap
hockeyav (6:39:12 PM): i was playing while it changed too
exgf (6:39:25 PM): i wanted to tell you but honestly i've been scared out of my mind to talk to you

Talked to my ex and got it figured out. Now just need to wait for pokerstars to unlock my account.

Quote

11-20-2008 , 02:32 AM

#14

EvilDruidNE

old hand

Join Date: May 2007 Posts: 1,648

lol, crazy ex

Quote

Post Reply Subscribe

...