Posted this earlier in a different forum:

I just logged into my email to find out that both it and my moneybookers account had been hacked.

The hackers transferred money to guntarslorbergs@gmail.com . Fortunately my 90 transaction limit was near maxed out and they could only send 4k. The timestamp on the transfer is December 17 at 22:46 (not sure of the time zone) and I've emailed their support. The office is closed now but I'll call as soon as it reopens.

Anyone have any experience with this and/or have any advice? (I know, get the rsd token...I'm still waiting for them to send it as of like June!)

Changing passwords to everything now. Will check on how to see if I have a trojan. I'd guess not as all of my poker accounts are still untouched.

Cheers for any help.

Update:

Whomever it was was still working on my accounts and while I was changing my passwords he was, at the very least, trying to change the email account on my UB account so he had accessed that as well.

I contacted UB and they've frozen my account (although their support was total trash about it).

It seems as though the hacker has accessed everything via my email. He had my UB password reset to get in there, same with my moneybookers.

What steps do I take from here?

good luck man

I figured out how to check my gmail login records. The guy was logging in from Latvia. Here's the IP

Latvia (78.84.242.195)

do you have any e-friends from Litvia?

nope :-/

then it probably isnt a friend who is doing this right now

well if he is a good hacker the IP don´t matter because it is quite easy to "spoof" it..

sorry to hear that. but 4k on UB? are you ****ing insane?

i wouldnt keep that much on any site without a rsa token

Reading comprehension fail. He said the 4k was sent from his moneybookers to that gmail address, not that he had 4k on UB. Plus maybe he plays 5/10; then 4k would only be 4 buyins to begin with even if it were the case!

Good luck OP.

OP, there are a few basic steps you should take.

First, change any password reset questions that you also have on your compromised accounts. Also change passwords and questions on any secondary accounts (e.g. those to which reset links can be sent).

You should consider all accounts linked to your email (poker, banking, anything else you care about) to be compromised. Deal with all of them.

Make sure your machine's clean. CTH can help you do this. Follow the steps in this thread and post your logs in a new thread in CTH with a description of what happened.

OP, please note when you do this:

DO IT ON A SEPARATE, UNCOMPROMISED COMPUTER.

If you got hacked, there may be a keylogger on yours, which would mean they'll know your new passwords.

What if u use voice recognition software to type instead of keyboard?

This is absolutely correct - they should be changed from a known clean machine. If you have access only to yours, get it clean asap.

Stuff like this makes me happy that I have RSA tokens on all sites. Good luck OP!

Sorry to hear about this OP. I would highly recommend that you reformat your PC right now. Good luck finding the guy who did this.

Download Malwarebytes, install and update. (free version)

Start your computer in safe mode and run the Malwarebytes program from the administrator account.

Malwarebytes:

http://www.malwarebytes.org/

Safe Mode Instructions:

http://www.pchell.com/support/safemode.shtml

Change your password info for all accounts from an uncomprimised computer ASAP. Call your credit card companies and see if you have any unusual transactions. Check your bank statements at the bank. I would even go so far as to get a credit report from Transunion as soon as possible. I hope you're not going to be a victim of identity theft.

MBAM is one of several preliminary steps we recommend in the CTH thread I linked to. It's very good but not enough on its own.

Thanks guys, just finishing up a ski trip today. I'll update this when I get home in a few hours. There have been some developments and at least 2500 is already recovered.

why is everyone assuming its a guy

gl btw

damn man. shity glgl resolving issue

How difficult is it for a hacker to claim the RSA token is lost and get stuff reset once they have your email/id? I'm sure Stars/Tilt are somewhat careful, not so confident about UB.

I still think the most important step is to have a dedicated poker computer with secure/unique passwords and email addresses.

Hehe, guilty.

I read posts like this here from time to time, and I don't understand how it happens to people.

I'm a small stakes player so i've never been worried about losing money on my account. But for people with thousands or more on their system, I don't understand how people get it from the "player side" without the person either knowing the player, or the player doing something unwise.

Poker username, poker password, email addy, email addy pw. Without those, I don't quite understand how a person would even be able to identify a player, let alone get into their account. Mind you I'm not knowledgable of the latest hacking tools, but are most compromised accounts the work of outsiders or an inside job? Maybe there's a thread somewhere about this?

I'm interested in this. What's the procedure when you lose RSA token?