I'm sorry that my first post here it's going to be this one, but I think you should know this.

First of all, sorry for my English, but it’s not my mother language.
I want to tell you all this chain of events, so all can see what happened to me, can happen to anyone.
I’ve tried to reach an agreement with PokerStars, and until now I haven’t said anything. I thought that a site like PokerStars, supposedly the more secure in the world, could be able to accept when they had made a mistake and act like the company they say they are: players first.
My story perhaps it’s not really alarming because of the amount I’ve lost. $15K it’s a small amount if we compare it with the amounts that other people have in their accounts (or had in the FTP accounts), but if this happened to me, can also happen to anyone with $50k or $100k.
Before starting, I want to make all of you understand everything, so get ready for a wall of text: sorry for that. But I think that it’s interesting and can help others to see what some big rooms like PokerStars can do to anyone.

Many people have asked me if I had the RSA key, and the answer is: I had it, but not anymore. Nearly a year ago someone entered in my van and stole my laptop and everything (including the key). Because of that PokerStars made me create a PIN number so I could enter in my account. They sent me the PIN number by regular mail, and to activate it I had to send ID documents. I have seen that that’s not necessary anymore, but I’m not 100% sure of what happened in that time (I was really stressed). Well, the thing is I had a password and a PIN number.
The 18th of August someone hacked my mail accounts, one of the poker rooms I play (Poker770, I’m also waiting some news from them to see if I can recover part of the €2.200 the hacker played in the tables. Besides of that, he tried to empty my cashier). He also entered in my Neteller acc and emptied it, and the same happened to my bank account (in this case he only stole €2.300 thanks to the security system). I’ve already recovered the $3k from Neteller and the money from the bank (kudos to them).

When all this happened, I contacted with all the sites I play. With most of them, it was really fast, because I could call them by phone. With PokerStars, it was more difficult: they don’t have a phone number; I had to use the e-mail (I live in Spain, btw).
They decide to close my account for security reasons and also to check the last movements, to see if something strange had happened. Besides, they told me to open an e-mail account so I could talk with them, because they don’t have a phone number.
I opened the new account, and then I’ve already improved even more the security of my system, antivirus, antispyware, firewalls, etc. In fact I formatted the PC.

In the PS account, I changed passwords, e-mail, PIN number, etc.
Some days later, they send me the last movements of the Stars acc and everything seems to be OK. I only use the new e-mail acc to open with Stars. Few days later, I decide to activate again the account, so I ask them how I can make this. They only tell me that I have to send a copy of my ID card to the support mail. First time they say the quality is not enough, so I send it again, no problem.
All the e-mails I send from this acc are deleted afterwards I send them; just to be sure they are not there. The hackers usually try to attack again, so I tried my best to keep my acc and my information safe.

I keep waiting for the answer of Stars until suddenly, a Sunday I got a phone call from a fellow player: Javier Tazón (Muckedboy). He told me that someone had gambled more than $9k in the FL tables $50-$100 and $200-$400 (you can check that in my PTR: http://www.pokertableratings.com/sta...search/corbein )
Of course, I sent and e-mail to customer support ASAP and they told me that my acc had been active for the last 2 days, that they sent me a new password AND PIN number to my e-mail acc (the hacker obv deleted them). All of this without calling me, and knowing that my accs had been hacked just a week ago. It’s more or less like if your bank sent an email with your credit card numbers and the PIN in the same mail.
When they check my acc, yes, someone have entered, played in the Limit tables (losing more than $9k) and he also changed my Neteller account and made a payout of the rest of the money: $5k. Stars checks everything, there wasn’t any chip dumping so the money was legally won by other players so they can keep it. Here I want to add something: you can’t change the Neteller accounts, not even when they have stolen everything inside, you can only change them with the ID check.

Someone entered, changed the number of an account (that had been there for three years, mostly because you can’t change that), from a non-Spanish IP (he/they used IP from India, Netherlands and Luxembourg) and after checking the process (two days) they allow him to get out all the money. There wasn’t anything suspicious at all. Wot?

The security department of PS.com told me that I’m responsible of the security of my accs since the beginning, and I have to say: yes, that’s true, but I want to add something: the mail acc was created only to talk with the room, not to make them send me anything at all, the room NEVER told me that they were going to change anything, (what’s then the use of changing the password and the PIN just before they block my acc?)

I’ve talking with them by mail and phone (they called me) and they say that the room have acted in goodwill and they thought that because I sent my ID, the acc was 100% safe. I found really incredible that someone in a security department tells me that an acc is 100% safe when I was hacked one week ago.

The acc activation process is, as they told me, this way (how the hell I could know that?) and NEVER had any problem (after my case, they are going to study again all the activation process) and following their T&C, I’m the only one to blame and the only responsible of what happens to my acc, even when they sent all de access data to an e-mail address because someone thought it was a good idea, because someone thought my acc was 100% safe. Of course, all of this with a lot of goodwill. Goodwill everywhere.

Now, you can think that they are right, but keep reading, there’s more. I sent them around 20 mails asking them to study my case again, and they always gave me the same answer: NO. Even with the Neteller thing.

I’ve been talking by phone (after asking for it by e-mail) a few times, and sometimes for more than three hours. All worthless. Nobody told me anything at all. It was my fault. Bye, bye money, we are sorry.

I’ve to say thanks to Muckedboy, because he started talking with other people, people that has a closer relationship with Stars than me. I’m not going to give names, but I’m really and deeply grateful.

This week, they have revisited my case for the 4th or 5th time, and I got an answer. After more than 20 mails, three hours of phone calls and people talking in my name, they have admitted that they are partly guilty in the problems surrounding the Neteller account.
Well, it was a real madness that they tried to blame me for that. Of the $15k, I only got back $5k. The rest of the money? Well, I can consider myself lucky, and please don’t call again.

The idea of making this public it’s not, by any means, an attempt to make people stop playing in the site. That’s something impossible and I don’t want that. What I want it’s to make all of you that anyone can suffer from this. The poker sites use the “legal void” to avoid any responsibility.
Imagine that this happens to Random Player, a guy without many friends and without contacts. Even if he had $100k in his acc, they would have told him “Sorry m8, more luck next time, we are not responsible of anything at all”.

I’ve recovered all the money from Neteller; my bank had insurance so I got it back. PokerStars it’s not a bank, but they keep our money like they were, so they should act like one. The security it’s a matter of the user, they wash their hands in nearly all the cases.

Also, another thing I want you to know, it’s that your money is much less safe in the cashier of PokerStars than in a Moneybookers or Neteller acc. The best thing is keep in the cashier the minimum to play and if you need, make a deposit (an instant process), instead of keeping the money in the poker acc, because if you get hacked, you are doomed.

Could I have avoided all this? Yes, for sure. If I had the RSA key perhaps the hacker couldn’t enter my acc (or at least had a harder time). If my e-mail acc had been in Gmail, perhaps nothing could have happened. If I were living in the Isle of Man I could go to their offices to get the PIN, but I also know is that if they didn’t send me my pass and PIN or acc number and PIN together, nothing of this could have happened.
The people that steal accounts in this way are professionals, so they know how to dodge the security in a lot of ways users don’t know. Accessing an e-mail account is much easier than it seems, but entering my Neteller acc, get the details of my credit card (I don’t use it online! I pay with PayPal)...

Perhaps the RSA key is 100% safe (I’m not sure of that). But I’m 100% sure that if the poker site sends you to hell, you are going to hell.
To end all this huge post, I want to talk about what I said before, and to those that think that I’m the only one to blame.
To activate again my acc, someone from the security department has contacted me by phone to give me the password and after that they sent the PIN to the e-mail. A more logical process for something that it’s supposed to be a “safety procedure”. Now they don’t send the two things necessary to access, and I don’t know if that’s the way it’s going to be from now on. Who knows, perhaps my incident have made the room change their ways. What I know it’s that to make things change they needed someone to lose the money. This time, it’s been me, for the “small” price of $9k.

If you have read all of this, thanks for all. I’ll try to answer all the questions anyone may have, but remember that my English it’s not very good.

You can also find me in my twitter account: corbein1, I'll try also to answer there all your questions

haven't read the whole thing yet, but I just thought i'd point out that leaving your RSA key with your laptop is a definite no no

my RSA key was stolen 7 months ago and it was locked, so it doesn´t the problem in this case.

how did the hacker get all yout passwords (neteller, bank, ...)?

hey OP,

have you heard about that RSA token thing ?

maybe not a situation to joke about

I read until RSA token on laptop and them finding passwords in your mail account.

Dude, it's your fault if you do stuff like that.

RSA token should be away from computer if you're not around it

your mailbox should not have important passwords stored in them

Thread should be titled "I have had like 30k stolen from me over and over but I'm only out 9k". Maybe you should get the hint and be a little more proactive yourself in trying to keep your money safe.

lol

Was it not your responsibility to inform Stars that your email account was potentially compromised, and therefore to refrain from sending any sensitive information to it?

Holy crap, you should be thanking your lucky stars (no pun intended) that they gave you anything back as a token of good will! Maybe next time you should take security a little more seriously when you have thousands of dollars sitting in a poker account.

hey OP, read the whole thing and i am truly sorry for what happened to you. Perhaps we shouldn't keep our money in the cashier because it is obvious that we are powerless and there is no fraud insurence that is being offered by all the banks. Pokerstars is not the bank and will never be nearly as safe, as long as the T&C is basically saying your money is our money if we want it to be.

Thank you for posting this and i hope that we as a community can stand up for ourselves and our rights and justice, even if its PokerStars on the other end.

Yuck this sucks, I hope you recover OP! Btw, your written English is very good for a Spaniard!

This would probably get more attention in the internet poker forum.

The wrong kind. IP is hardly moderated and is infested and where it's free game for insecure nerds to insult and mock anyone posting with a problem, as compensation for their own failure.

I wish more sites would start a "vault" like Lock Poker. Grinders tend to almost always have a ton of excess in their bankroll. It would be nice if it took some hoops to access that money.

think ur screwed, way too exploitable for ppl if they decide to give u the money.

also im not ruling out you're trying to scam pokerstars yourself(maybe im overly cynical these days)

Sorry this happened to you. It's your fault, not Stars'. I'll move this to the internet poker forum where it belongs.

OP

It is your fault, if you ask for a RSA token this never happens. Also in your blog in spanish you say that you had you Security PIN in your email, why you didnt delete that email?

Once again, for the people blaiming OP here:

The hacker logged in in a period of 2 days from 3 different countries, presumably ones OP has never logged in from. He then attempts and succeeds in changing the withdrawal information associated with the account and empties the remaining balance.

While OP made some mistakes, its absolutely inexcusable for poker site security to be this poor. If somebody logs in from a variety of different, new countries, the account should be auto locked and the owner of the account called - not emailed. That's to say nothing of the ridiculousness of then allowing the account to change the bank information and drain the account. If that 2 day processing period is truly for processing, what in the world are they looking for and 'processing' if this situation didn't send off multiple red flags?

OK, I'm a little confused about something. They hack your email account the first time and get access to all sorts of info. You're able to get your Stars account locked down before they get anything from there. You format your computer, change your email address, and then go through an ID check to reopen your account. After all of that, the hackers get your money - how the hell did that happen? You say they changed the password and deleted the emails about it - from which email account? Your original one that was hacked, or your new one?

Hello all. About the RSA key: of course I know what they are, I already had one as I said in my post. But the fact that they stole it from me months ago, has nothing to do with this situation. That key was blocked and because of that I only had a PIN number.
But I want all you to know that the RSA keys are not 100% safe. They have been hacked before, and you only need to search in google about that.

Not doubting you... but could you post the email or the proof from Stars that what you said actually did occur.
If Stars admits that the hacker did this (switching adress and 3 Countries) then I find it concerning that Stars would allow a withdraw from this acct. especially when the player has told them within a week that his acct. was hacked.

If your rsa was stolen and blocked months ago why wouldn't you order a new one? You say you only had the pin because your rsa was stolen but in fact you only have the pin because you failed to order another rsa. It's not a one time offer afaik.

Your mail account got hacked, someone stole your money, you made a new mail account on a clean computer and it got hacked and someone stole your money again?

Really? That's some bad beat.