Hey all, I registered to this forum just because I want to inform what happened to me and get opinions from other players what should i do. On 30th of August, I started to play on allinasia.com site, when searching for the deals, soft games and reasonable rakeback. After creating account via pokervip.com affiliate, I deposited $1000 using Neteller. The money was transferred to their wallet and i was able to choose any asian room which they offer. So i decided to play on GGpoker network. What has happened next is still mystery. After playing for 3 days and winning around $1,700 between 30th of August and 1st of September, I decided not to play on the weekend (holidays etc.). My computer was safely left in the room and no one has ever touched it. Then, on Monday (4th of September), I tried to log in to the poker room, but faced problems with changed password. I got email with new password and tried to login again. After logging in to my GG poker account there was only $111 left, which is probably from monday rakeback. So I contacted allinasia live chat support and inquired them that money was gone.
Their answer shocked me, insisting that I did number of operations: 1) transferred money to wallet; 2) deposited to another site (IDN); 3) lost all money; On top, they confirmed that all transactions were made from the same IP address.
The strangest thing is that i didnt get any emails, messages or any other report about changed password, transferred funds. I asked how is that possible to transfer funds to other poker room account without my knowledge when i didn’t even created it, but it seems according to their rules account is created in all of them.
Lastly, they said that money transfer was made from same IP address, which created allinasia account on 2nd and 3rd of September, making it impossible, since the computer was turned off and no one had any access to it. So I asked them to send me all log files, hand histories, ip adresses, dates when password was changed and so on.

I will add live chat conversations(some will be missing because i didint saved, but most of them will be) all files which they sent me,emails.

BTW. My english is not very good, cause friend helped me to create this thread so in chats and emails could be alot of english language mistakes, but i hope u understand.





after these two chats i get email from security team.

and he add some log files





my reply to this was:

I myself checked ip location which was shown in log files and u can see it is from singapore

and my IP address location which is also shown on log file september 4th


It is the location where i live and registered account.

After that i talked again with live chat support.







After these chats ive got back reply from security team email:

and my reply was:

and i send him same 2 pictures of ip locations which i add in previous post

afther that i didint get any reply from him. So I write again to live chat support



i didnt get anything so after 2 days i wrote again



Next day i asked again about investigation.



And yesterday(september 13th) i get new email from them, which included hand history and log file.




and there was like more 10 similar files, which they doesnt give any information for me, how it was played out or lost where or to who, but the strangest thing was the log file where shows ip adress



as u can see it is similar log file, which ive added before, but now somehow my ip dissapeared. And even ive wrote to them on september 4th, somehow
that IP still managed to login to my account.

U can check your self both logs:
this is before, which ive got frum security team


and this is which i get yesterday from other allinasia email:



and there is chat talk again same time when ive got this email.

Did you create an account on the GG network itself? Or was it created like how Justin said?

You can send me the poker hands if you want, same Skype ID as my username

Keep us updated on what AIA responds with regarding what IP address you registered from

After this chat ive got contacted by them on my skype and i will upload now all chat:




thats all what i have for now, tomorow i will write what he will say

Hey I just create myself on Allinasia on august 30th via pokervip deal, nothing more, deposited money via neteller, they gave me email in live chat i just sent them. Ok i can contact u on skype.

Ok so I talked to OP on Skype and he sent me the files that he posted here, along with some others from All In Asia (AIA). They are pretty tough at best to try to decipher, not helped by the fact that it’s a horrible backend overall.

Cliffs (only taking OP’s side/story for this):

1) he is from Lithuania and makes an account & deposits on AIA

2) he starts to play on GG network thru AIA, on 30th Aug - 1st Sept, runs $1K up to $2.7K and takes a break for a couple of days

3) he tries to log into GG network on the 4th Sept, cannot and has to reset password

4) he receives his password in an email from AIA in plain text from support! (this means that people who work in AIA have access to your password, which is what is used to log into the actual poker sites to play)

5) he sees his balance is xferred to IDN Poker, over 3 transfers, on the 2nd & 3rd Sept. He later finds out its from a Singapore IP

6) 99% of his balance is lost on IDN Poker over several sessions

There are several things that look odd in this, and a lot of unanswered questions.

OP is given the login details of some account from Sept 2nd, shown below. It shows a Singapore IP for 6 records and then his Lithuanian IP on the 4th Sept. It doesn’t show any details from when he registered and deposited on the AIA account. Justin, Head of Security AIA, says:

This is the Singapore IP, which is possible that was used to register the account, but according to the OP he registered and logged in from Lithuania only.

One interesting thing is that you register directly with AIA, and then are set up with multiple accounts on the poker sites (one for each). You use the same password for each poker room, that matches your AIA one. As Justin said, it is apparently the same IP used to register as was playing on the 2nd/3rd, so I wonder if this was bad investigating where they did not go back to 30th August, or if he has just stated that the IP address came from their offices – I’m guessing it’s the former.



Here you can see the logins on OP’s account (J17242…). There is about 8 hours between the initial attempt and the next one. I am unsure what timezones there are in the screenshots, and there is no “logout” date/timestamp (which seems to be a fail), but maybe the account was initially accessed at 00:35am from Singapore and the first transfer done then. However, the first xfer to IDN occurred at xx:26 (26 minutes passed the hour), but the Online Log above shows the first Date/timestamp to be at xx:35. It is the same for the second transfer, where that occurs at xx:41 but the Online Log shows a xx:46 stamp. I am unsure how this works, or what the above log is of exactly. If it’s the log of just the logins to IDN and not GG or AIA, then it is pretty terrible investigating to state that “It shows that you have registered with the following [Singapore] IP that you have played with”. If your AIA password/account was compromised and you didn’t play on one of the sites previously and this was the first login/creation, then clearly they would have the same IPs. Did the OP try to log into the IDN account on the 4th Sept though? A full breakdown of IPs & Datestamps is needed for all AIA + GG + IDN access.

If OP did use the Singapore IP to sign up & deposit to AIA and play on GG, as well as IDN, then it’s a completely different story.

OP is provided with another screenshot, with an IP report, rather than a UserId report:



Along with OP’s UserID, there are also 3 other UserIds listed on this screenshot. 2 with 1 attempt and the other with 3 attempts. Were these accounts hacked also? Is the first attempt on each the initial “check if we have correct password”? If not do they move on until they get to an account they can access (eg what looks like E1794…). I do not know if these records show all login attempts, or just successful login attempts. Hopefully they have a report which will show if it’s a fail (and the reason) or a success. Are any of these accounts owned by the person who compromised OP? Were they looked into at all? Are any of them registered through AIA?

OP has not yet been provided any hand histories from his account’s play on IDN, which is pretty concerning as presumably any funds (if dumped) are long gone now. OP’s account seems to play several sessions on IDN, was it all HU? Was the winner of all/majority of the funds the same account in each session? Was the account that won funds involved? Do IDN have any alerts for suspicious hands? Are withdrawals reviewed before processed? If it is just one player who won the majority of the funds, was their account set up through AIA?

OP has asked Justin and also the AIA rep on skype to provide him with the full login details of his account on AIA (IPs and Datestamps) and also the HH that were played on IDN. He should also probably ask for a full explanation of what the logs mean, and get IP & Datestamp logs for all activity from AIA + GG + IDN.

As OP stated in post #5, AIA thinks that they have sent him the HH from IDN, however these are just a financial transaction report (presumably some from Texas Holdem – TXH tables). No actual hand details are shown, no winners (if not OP) are listed. Its concerning that a security team member would consider these hand histories.

Its very concerning that AIA employees have easy access to the passwords of their customers. People are lazy with their security, and many use the same password for everything, meaning that AIA employees could access more than just the poker accounts of their users.

OP mentions that he signed up to AIA through PVip, but hopefully they would not have access to his AIA login credentials, unless he shared them with PVip.

Again, all of the above is that OP told me on Skype and what he posted here, so I only have one side of the story.

AIA and IDN can reach out to me if they want, I can help with such investigations, general ops, and also beefing up their detection methods. My Skype is the same as my username here.

there is no news about my situation. I'm still waiting for a reply to my email or to the message that I sent one of their employees on Skype. He told me that Justin would email me within 24 hours, but that has long passed.

I tried to speak with live chat again, but they just keep saying that I need to wait more. I asked them to have someone contact me urgently, as its nearly been 2 weeks now, to send me the full login details and also the full hand histories. They keep telling me that they have sent me the hand histories to me - but most likely the live chat person is just a random support person who doesn't understand what hand histories actually are. They also keep on saying that I signed up from the same IP address as the hacker, but they have only provided me the login details since the 2nd Sept, not since the 30th August when I signed up to AllinAsia.

I really think that they have only looked at when the IDN account was created/used for the first time, which was by the hacker, and not me. I do not think that they have gone back to when I first created the AIA account and started to play on the GG network, which should show as my Lithuanian IP

So even if no cheating occurred allinAsia should prob be avoided due to horrible security right? Plaintext password for potentially thousands is ridiculous.

Not remotely surprised if chipdumping occurred on ******** - according to the other thread a LOT of shady stuff is happening there.

yes security is very bad. I regret playing there. it was fun and good until i have to deal with their support and security team. They don't appear to give a **** about this situation, their lack of replies and slow investigation is not helping at all. It probably doesnt matter what the conclusion will be I will not get any funds, I just hope that this raises awareness on how they operate.

plaintext password email

jesus that really says it all. Will be avoiding allinAsia like the plague.

lol why do people even play on sites like these, just stick with the big sites. Even if there is more fish it is not worth it to waste your time.

This is an official statement from All In Asia:

We understand that a few of our players had their accounts compromised whilst playing with us at All in Asia. We will and have been doing our utmost best in getting to the bottom of this case.

In the same time, All in Asia promises to ensure the security of your accounts and also taking the extra mile to tighten up the security to future prevent such event to happen to any of our players.

Thorough investigation has been made regarding this matter alongside with our networks partners (GGNetwork,IDN and etc) and if the cause is indeed from All in Asia’s end overlooking this matter, FULL compensation will be made to the affected players immediately.

Some of the cases we received were cases that involved players claiming that their accounts were compromised and that chips were being dumped to different accounts. Upon further investigation, (factoring in same IP login, password changes and playing pattern, alongside with the cooperation of our network partners) we have found that some of the cases reported were deemed as due to the negligence of the players own responsibility. All In Asia, emphasizes and promotes fair play and we trust our players do so as well, and not to abuse this trust.

Until then, full assistance will be provided in ensuring the security of your account is in check.

Players that have their accounts compromised or suspect any form of security breach please contact cs@allinasia.com and we will investigate such matters with utmost sincerity and we will reply to you with the facts of our investigation.

Sincerely,
All in Asia

Hope you get your monies back mate

As per normal, nothing was done until it went public and their reputation was at stake.

Its good that AllinAsia is on here now, but they still have not provided me with what I have asked for (full login details since I created my AIA account, and also the hand histories from IDN). I am not sure why either is taking so long, its been over 2 weeks now.

AIA are saying that a few players have had their accounts hacked, were the new logins all from Singapore?

I asked IDN directly for the hand histories of my account, and they replied with this:

I also got my money stolen on Allinasia. Most of it was lost on IDN and then one session was on GG network. The one on GG was played from the same ip address that was used on OP's account (45.77.46.149 from Singapore). I didn't get the logs from IDN, but it' s very likely the same ip address was used there too. To me that makes it even more likely that the data leak was on AiA side. I also ran a full scan on my pc and it is clean.

I wrote them yesterday, still waiting for reply.

where did you find the details of the IP that accessed your account?

GG has this feature called PokerCraft that saves some data about your sessions, the information about ip address was there too

gotcha, when did this happen (dates & times)?

Ok I did not know this existed, this is good information. I checked my account on pokercraft and the screenshots are below. They show my playing IP for the 3 days on GG Poker (30th Aug - 1st Sept) as my Lithuanian IP. Not as the Singapore IP as Justin said in his investigation. So this shows that they have a terrible investigation and probably only look at IPs from first time IDN was used (by hacker). They have not provided me with any other login details.

SCREENSHOTS








As you can see there is no data on the 2nd or 3rd September, so the hacker must have accessed my AIA account directly and moved the funds internally from there to IDN. You can see my login attempts and success on the 4th September after they send me my password in plain text.

Now that there is this poster above me also saying he was hacked, from the same IP, there must be something going on from AIA side and not us.

I do not know why they are not responding at all to me by email or skype, they have a serious issue.

wow so they have my hand histories and will not send them to me. why is this? this is just stupid that they have them and will not send. how long have they hand them for?

On September 6 between 1am-2:30am utc+0

I wonder if any of the top lines were your account so:



Can you post the screenshots like OP posted about the IP(s) playing on GG network with the data from pokercraft?

Which site(s) did you personally play on (at anytime) from AIA? Was the hacker the first to use any of these skins?

Is there anything on IDN that shows the same thing?

Hey everyone, I haven't been active here for ages and I had to recover my password so that I could write here my experience about AiA. Basically, I to got my money stolen, deposited there 1.1k euros, played on idn, lost most of money, but had 3mill IDR left on IDN play. It was ~180e, and as I understood, on monday they automatically transfer all funds back to AiA main account with the same conversion rate as I changed my euros to idr. After that I didn't log in on AiA for couple of weeks, but when I did, I saw that I have no money on the account, transaction history showed that the money did indeed get transferred from IDN play to my AiA account, but from there, someone deposited on GG network and apperently lost it all, up untill I saw those transactions, I didn't even have GG network client installed on my pc. Contacted support, they said they would look into it and give me a reply via email, but I knew what was going on and was 99% sure I would never see that money again. I'm playing poker for a living for ~6 years now and never have I had any problems with my accounts being compromised, and just when I wanted to try out some shady network, something like that happened, it was clear to me what's going on even before I saw this thread. Do not deposit on AiA if you don't wan't to get your money stolen!

hi,

can you log into https://my.pokercraft.com/overview and check the IP address that was playing on your account on GG Network? You can see the screenshots examples above in post #19, can you post for yours also? Your AIA username and password should presumably work for it

Would be very handy.

You might also have access to the hand histories that were played on GG Network on that site too, maybe see where most of the funds went to

When I click on the link, it says that access is denied. Don't even want to bother to go into that much detail with checking the IP adresses, it's as far as I can tell the same thing that happened to xemikas, someone without my knowledge transferred money from AiA account to GG network and lost it all.