It's not useless because your clicking your screen, not entering your numbers on your keyboard. Those numbers are specifically meant to counter this scenario.

because you're being a baby and don't want to take responsibility for your mistake. Who's accusing you or accused you of anything? Stars certainly didn't. I didn't. Nobody did.

Ok. So you address that it's my fault. I don't like it but I can accept it.
Now what about my other point which you say nothing?
Does Pokerstars have no responsibility to a long time customer when it comes to the theft of the customers money? What about a little transparency and just telling me they know the name of the account that did it? Why do I have to request hand histories and point out to them the obvious facts? It would not fix the problem but it would give a little more sense of trust that they have done a little investigating since I am trusting them to hold my money on a daily basis. It's this kind of lack of transparency and customer service which bothers me more than anything else. Its basically the company telling its customer 'too bad so sad, we don't care about your money. If you want to play here its your risk not ours.'
What about all the licenses and policies they so strictly adhere to when I had to verify my payment methods and ID? They must have an idea of who the culprit is and or banking info on this person/group of people. Not giving any info would make any customer lose faith in them. Don't you agree???

Enable the PIN and/or two factor authentication.

POKERSTARS HAS BEEN HACKED BUT THEY'RE OBVIOUSLY TRYING TO COVER IT UP BY BLAMING THEIR CUSTOMERS. SEEMS TOO COINCIDENTAL FOR A BUNCH OF USERS TO BE GETTING HACKED THIS MORNING.

That thought has definately crossed my mind but there is no way to prove it unfortunately...

I’m with Steve, this is obviously happening too often for stars to just keep pumping out template response emails that they don’t care and it’s not there problem.

Like chabby said, requesting further details when a new device and ip is used would be a start to cutting down this issue.

time to hit twitter and call them out see if they copy/paste a response there

While I'm not saying this isn't possible, it's far from the only possibility, and it doesn't seem like the most likely one.

If Stars was hacked, why are the only people posting ones who lost a few hundred dollars? I think if I was a thief that had hacked Stars, I'd be going after some larger accounts.

As for a "bunch of users to be getting hacked this morning", are there other threads you're referring to? Because this thread has three of you with this issue, over the last couple of days. Hardly a bunch of accounts, and not just this morning.

In NVG, on the other hand, there is a thread where dozens of people have had similar things happen. However, that's over a period of years, so if you're linking these to that, it's not some major hack that just happened. Also, that thread seems a little different (which is why I haven't merged this one with that as we usually would), in that I don't think any of those people recovered any funds.

And a grouping of accounts having this happen at one time doesn't make a hack of the site any more likely than hackers having targeted a bunch of people's accounts on their end at the same time - through a trojan, keylogger, phishing, etc. Not saying this is what happened, just that the timing doesn't point only to a site hack.

On another note - we don't need the bolded all-caps. Thanks.

Oh.... Just to add a little more detail to my story...
The day I got hacked I played my last hand at 1:38 AWST (according to hand histories)... I live in the Philippines
The first hand the hacker played was at 4:29 my time... From an IP address in Canada!!!
Doesn't this set off some kind of red flag at Pokerstars??? With all their high tech industry leading software, cant see that it is IMPOSSIBLE for me to have traveled to the other side of the world in 3 hours!!!

No that is not correct. You can not type in the PIN so a key logger is useless against it. The PIN is entered by mouse on a randomized on screen key pad. To get past the PIN would require one of the following attacks in order of complexity.

1) The attacker has access to your email account so they can find the email from Stars that contains your PIN or allows them to reset your PIN. NOTE: This would also allow them to reset your password;

2) The attacker has installed a screen capture/remote viewer program on your computer, this would be significantly more complex than a basic key logger;

3) A man in the middle attack where the attacker is able to intercept and decript the communications between your computer and Stars servers. This would be major breach of Stars security protocols; or

4) Stars servers have been hacked to obtain the necessary information.

If your email is hacked and they know your Stars ID and you do not have an RSA token then it's rather trivial to get control of your PS account. But if you have SMS set up you will get a warning and opportunity to stop things if you recieved and respond in a timely manner. But in all cases Stars would have the record of your password/PIN resets and none of the hacks I recall being posted have mentioned this.

A key logger/remote viewer attack is preventable by basic computer security practices that you have mentioned, ie. Virus and malware software and scans.

If Stars has been compromised, either through unsecure communications protocols or their servers compromised then their is nothing protecting you short of an RSA token.

Question:. What virus/malware software do you use? Is it Russian?

It's stronger than this. If you have the SMS Validation thing activated, a potential hacker would not be able to make any financial transactions (including withdrawal/deposit/play/transfer) without it.

In short, get the SMS Validation, it's outstanding.

Guys... the more I think about my being hacked, the more it bothers me... Can someone educate me a little about how this could have happened?
Here's what I'm thinking. It may be all wrong, please tell me...
First, the hacker had to get my password, which is very possible from what I've been told here.
Second, he had to either be targeting Pokerstars players specifically OR he had to get familiar with Pokerstars, set up an account, deposit, etc. If he's targeting stars players, how can he get the info off our computers? Can he see my IP address somehow while I'm playing?
If he had to get familiar with stars, he had to go thru all the security measures at both stars and whatever payment processor was used with bogus info.
Third, he had to dump my chips (took about 40mins according to hand histories) to the other account and then withdraw it within the 2 hours of the last hand he played and when I noticed the problem) He also cashed 3000 starscoins in the store during that time.
During this time, I did receive emails about the store purchases and a login from a new IP address in Canada from Pokerstars. Unfortunately, I was not online when the emails arrived or I would have caught the hack in progress.
I mentioned it before, but why was he even allowed to login? My last log out was 3 hours before he logged in. I live in the Philippines and his IP address is in Canada. Cant' stars tell that his login was impossible as far as the distance and time between log out and log in?
Pokerstars did recover $13.03 and give that back to me. How did they get it? from the Hacker's stars account? From his payment proccesor? No transparency about the situation from Pokerstars doesn't help.
The loss of my money bothers me but the whole situation just doesn't seem to add up. Any input would be appreciated and hopefully give me a little peace of mind. Since then I've changed all my passwords, enabled PIN and SMS in stars. Any other precautions you could recommend would help also. Thanks!

Obviously, I do not have any specific information on what happened in your situation, only skim-reading what has been posted in this thread.

But if you're interested in broader information on the issue more generally, and how passwords are compromised more broadly, Google released a report about 10 days ago on this exact issue, which is online here: https://research.google.com/pubs/pub46437.html

Short-version is that they found:
-788,000 potential victims of off-the-shelf keyloggers;
-12.4 million potential victims of phishing kits;
-1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums

In percentage terms:
0.04% Key loggers
0.65% Phishing
99.31% Data breaches and trading

Obviously, data breaches are by far the most likely source. A reasonable place to check if you were a victim of such a data breach is to put your email address into this service:
https://haveibeenpwned.com/

While that's not impossible, the more likely situation is that the data breach came from a service that was connected to online gaming. For example, 2p2 itself was a victim of such a data breach some years ago. It does not take much imagination to check 2p2 user email addresses and passwords against PokerStars accounts (for example - I'm very much not saying that this happened, just pointing to this as a hypothetical example).

With 110million+ customers world-wide, PokerStars isn't exactly a niche organisation any more.
There's no evidence that this took place - see above.

If the hacker gained access to your email account, he could similarly see PokerStars activity (for example; again, this is just hypothetical).
Not at any reputable online poker site - some services, such as Skype, had (have?) a security flaw where this happens, but talking about IP addresses has no relevance to the issue at hand without some evidence of it. An IP address isn't a very sensitive issue, in the same way that having your home address doesn't allow a burglar to break in. It's unlikely that a hacker will steal your passwords by somehow stealing your IP address - that's not a tool/strategy that makes much sense from the point-of-view of a hacker in this circumstance.

If you had a millions of dollars of wealth in online accounts, it might be credible for a hacker to try to do that, but this seems like a distraction to me.

IP addresses are not tied to physical locations. There's not a very good reason to suspect that a hacker is physically in Canada because some third-party online service suspects that most users of a given IP address is in Canada.

The PokerStars SMS Validation service appears to be excellent - use that, and you should be fine. In my personal case, I have the SMS Validation service activated and nothing else, and believe that this will be very secure for my needs.

To expand on the above post. In regards to data breaches this is an issue if you use the same user ID and password with your Stars account and some other service such as 2+2, your email or some other service. 2+2 was last hacked just about a year ago in December 2016 and prior to that in 2012 that we know of.

When such a data breaches takes place hackers start trying the user id/password combination on other services, ie. Poker sites, email services, banks, etc. So in the case of the 2+2 data breaches, hackers would take your 2+2 user ID and password and try logging into every poker site out there hoping to get access to your poker account.

If your Stars ID and password is unique to your Stars account then the data breach could only have come from Stars. But according to Stars, as they told you in the initial email, this is completely impossible because Stars is the only unbreachable system in existence. Therefore you have fallen into the less than 1% and it's all your fault. Some may suggest that's a bit of an arrogant position for Stars to take.

As far as IP addresses goes, yes there can be occasional weirdness but they are for the most part stable and give a reliable indication of location. If you have a broadband internet connection your IP address will usually not change often unless you specifically release it and reconnect. Given the Stars system was able to flag a different computer loged in from another country many time zones away it would seem reasonable to ask why this would not be a very good reason to put an immediate freeze on things. Rather then give someone time to empty your account and then freeze it. If there is enough of a reason to freeze an account why not do it before the user has been robbed rather than after?

Same thing here.
Some one ,with a russian email withraw all my bankroll to Skrill and Neteller,and i dont have no ideia how they did that. Suddenly i receive an email in my iphone that i did had an acess with a strange IP,and passed a few minutes lots of emails regards withraws.Only when all money was gone, is when i received an email saying to add the PIN.
I never used Neteller, dont have account there,so how they cashout ? And how Stars allow someone to cashout in minutes to a strange email in a strange IP,and when its me, it takes almost 48h?
the answers is the same as the OP said here. They dont care and blame the player for dont protect the log in data. Bull****! My pc is secure with all metods possible for a domestic user,no one had acess to my email,and my password was strong. They said thay they foind my password using the recover password method,but to do that, they had to know the email registered in Stars and the password of that email!! right?

if there isn't really a way for the player to get all the money back, wouldn't said hacker go after some bigger fish than just taking a couple hundred bucks?

I always find it funny when sites say this. Every website that deals with money or security (gov't, corporations, etc.) has been hacked before. You may not have heard about it, ldo, but welcome to the future.

So it's tricky assigning blame, but an rsa token along with the last 4 of your credit card and password changes will make you more safe.

Hope you all handle this well and are OK financially, don't leave an important amount of money in your account. This is a bad deal for both you and pokerstars, pokerstars is not going to try to be mean to you, give me one good reason they would?

Bobo, the reason that accounts with higher amounts of money in them aren't having this problem is possibly because they use more safety features.

Could be wrong about all of this, obv.

While that is possible, there will still be plenty of accounts with good sums of money that don't, and it's odd that none of them have posted about losing money. But to put my post into context, I was responding to someone who seemed to think Stars had been hacked that morning, and this was just one reason that didn't seem likely. Given the activity since then, I'd say it's even less likely now.

Think of re-used passwords ? Were you guys using this for more than 1 account ?

With all the breached data dumps recently, they just had to go and try usernames and & passwords. With some social engineering on poker forums, they might have gotten there right away.

They should have 2-factor authentication like Google, and ask you to confirm via mobile that it's you logging in. Actually I have no idea if they have this ? Do they ?

This situation shouldn't be possbile. If you haven't deposited using neteller you can't cashout using that imo. And even if you deposit you have to wait the 48hrs before you can request a cashout. If you are telling the truth you really should ask stars how is this possible. In this situation you might have a case to get something back.

The thread isn't that long - you should read it.

The fact that people are passionate about this issue, but not even sufficiently motivated to read this thread for the things that they seek, suggest that operators have a damn tough job in educating their users about 2-factor authentication.

The irony of that particular post that PokerStars "should have 2-factor authentication like Google" is that PokerStars actually introduced it in late 2008, whereas Google didn't introduce it until 2010.

See, PokerStars:
https://forumserver.twoplustwo.com/2...ay-pic-367093/

See, Google:
https://www.wired.com/2010/09/google_passwords/

If you are not going to play for a decent amount of time (year or more?) and you want to keep the money in your account safe you can email stars and have your account temporarily frozen to protect against fraud.

Just make it 100% clear to clarify that this is a just a temporary step to ensure that fraud doesn't happen and that you will be able to continue playing when you get back. Make sure they email you saying that this is temporary and they will let you play again when you come back.

Proceed with caution! Seriously!

Huge mistakes can occur if they misunderstand your request and self exclude you/ban you. They were really helpful to me when I did this, they know that this safeguard is useful against other people messing with anybodies account (withdrawing, dumping funds and chargebacks) and I will be able to play again when USA#1 gets back and running.

Why would anyone want to keep money in pokersite's cashier if they are not playing? Makes no sense at all.

I am a US player, and haven't logged into my PS account since I cashed out in 2011.

I just received an email from PS saying that my account was hacked and they want to add a PIN. I have no $ in my account.

Kinda bizarre that they would send me this in the first place since I am a US player with no $. But it seems to support the idea that the hacks named in this thread were on PS end, and no fault of the user.