We ask everyone who plays on Pokerstars to urgently use a PIN to protect their accounts.
https://www.pokerstars.eu/poker/room.../security/pin/
https://www.pokerstars.uk/poker/room.../security/pin/
https://www.pokerstars.com/poker/roo.../security/pin/

Many Pokerstars accounts are suddenly being hacked and the number is rapidly growing. Stars continues to deny any possibility of a leak from their end, even though nobody so far has reported anything other than their Pokerstars accounts hacked. Other poker/bank/email/social media accounts have not been hacked.
Those of us who have run anti-malware software have not detected any spyware or keyloggers.

It also raises important focus on the security of Pokerstars, as the changes in the cashout policies of Pokerstars have made it very easy for the hackers to accomplish their task. Some cashouts are not being reviewed anymore and are approved within 1 minute. On top of that, it has been made possible to cashout directly after making a deposit. To add to this list, all of this is done while missing the following red flags:
-A foreign IP address has entered our account from a country we never visited
-Used a different Neteller account than the one attached to our account, to make a deposit into our account
-Used a different credit card, than the one attached to our account, to make a whole series of deposits
-Depleted our FPP's by converting them into $
-Used this new Neteller to cashout
-Pokerstars refuses to give us the full account number of the Neteller used, making it impossible to trace the money.

Pokerstars then copy/paste e-mails us, informing us that the hacker knew our password "perfectly" and there were no failed attempts, followed by requesting that we deposit money into our account to cover the "fake deposits" made by the hacker's fake credit card. On top of the fact that we just lost our entire bankroll.

This case is almost identical to all the hacked accounts. In all of the cases, all the victims have received an e-mail from Pokerstars saying that our password has been compromised, putting the fault on us, giving the impression that it is an isolated case.

Since I made the original thread in Internet Poker about this around a dozen other people have came forward telling the story of how their accounts were hacked in the exact same manner. When we consider that only a small % of the Stars player pool posts on 2+2 it is entirely possible that the total number of accounts hacked could be in the hundreds.

In my case, my e-mail address is only used for Pokerstars, Full Tilt, and Holdem Manager forums (which I haven't posted on in years and it doesn't contain my PS username). When I google my PS username for the past 1 year, 0 results show up. I am practically a ghost, how could the hackers have found my account?
Also after my Pokerstars account was hacked, 4 minutes later, the hacker tried to enter my e-mail address but failed, indicating that he found out about my e-mail address from my PS account and not vice versa, and also showing that he did not know the password to my e-mail account (because my PS password is original and not used for anything else). It surely shows that they tried to enter my e-mail account, so the fact that none of our other accounts (Paypal/e-mail/etc.) have been hacked does raise suspicion, even though they were able to enter our PS passwords with 1 try.




As so many accounts have been hacked, there is a definite explanation to how they have been able to do it, though this is unclear just yet.

Below you will find a detailed summary of my case, and all the red flags that were missed by Pokerstars (it's almost identical to all other cases reported):

I am a ex-high stakes regular who has barely played for the past 4 years, my RSA token was cancelled a long time ago and as I didn't have a significant bankroll I didn't get another one. I hadn't logged into my account for 3 months (and haven't deposited for years), however it raised no red flags when:

-On 8:43 (CET Timezone) the hacker enters my PS account with a foreign IP address from Poland, a country I have never played from before.
-Makes a deposit of $10 into my account using a different Neteller account, even though I have used my own Neteller account for OVER 5 YEARS.
-Makes 69 purchases from the PS Store , converting 1000 FPP's into $10 each time, even though I have not made any purchases from the PS Store in years, and no one in their right mind would convert 69,000 FPP's, as a bronze star, because you will lose a lot of value.
-He requests to raise the deposit limit and Pokerstars approves it, without even doing a quick check whether a foreign IP is being used.
-Then proceeded to make 22 deposits (a total of 900 EURO'S) with a credit card that I have never used, even though I have used the same credit card for years. Plus, I've barely made any deposits since being a member, though apparently 22 deposits with a different credit card by a foreign IP raises no alarms.
-He proceeds to throw money away on the tables on games I don't usually play, even though more than 95% of my hands are played on HU SNG.
-On 10:10 CET he cashes out $800 to his Neteller account.


As you can see in the dates, the cashout was approved within 1 minute, even though it's not an instant cashout as the previous deposit only covers $10. Plus, Pokerstars refused to give me the full account number of the NETeller account that was used by the hacker to withdraw money from my PS account, making it impossible to trace the hacker.

When I asked Pokerstars to contact Neteller, they informed me that they did this on the 19th of February. However, in their next e-mail, they state that they contacted Neteller once I confirmed that the access was not authorized. However, this would mean that they contacted them on the 21st of February, as the 21st was the first time I contacted Pokerstars. So they have given 2 different dates in assuring me that they contacted Neteller.

Though this is fruitless as they wont give me the full account ID of the Neteller account in question.

Here is a link to my original thread in Internet Poker in which this issue was first brought to attention
http://forumserver.twoplustwo.com/28...acked-1513052/

Here's a quote from Pokerstars Michael J in the thread:

List of other people on 2+2 so far who have mentioned that their PS account has been hacked since the thread is up:
Cristos
boat2p2-2
burobest
shipppp09
Izzit
GreenDolphin
cianus
Spudhead
Muznik
Flashdancer
PWallis' gf
ZenX
Ohlongjohnson
Chopper104

We hope to reach as many people as possible now that this thread is in NVG. Hopefully this will prevent more people from being hacked (set your PIN up) and also allow more victims of the hackers to realise that what happened to them was not an isolated incident.

We ask everyone to provide the following details so that we can investigate this further:
Date & Time of 1st compromised:
Date & Time of last compromised
Deposit Details: (type of card and total amount)
Deposit Dates: 1st Deposit date/time and last deposit date/time
Withdraw Details: (what processor, details of the account - will say in w/d confirmation email, total amount)
Withdraw Dates: 1st withdraw date/time and last withdraw date/time
Country of your account (where its logged in from):
Country of Hack:
Is your password 100% unique:
Did your Full Tilt Poker account have an access attempt also: (To find out, login, then > Account > My Login History (Web)
Do you currently, or have you ever had a UK postal address on your PokerStars account:
Was your PokerStars account dormant (last used regularly more than 60 days ago):

It's worth noting that all the accounts so far seem to have a link to the UK. In my case, I lived in UK in 2011 and the address was added to my Pokerstars account.

A thank you to pmarrsouth and Spudhead for assisting me to write this summary.

hoping to see some more reassuring replies from Stars than Michael J's offerings in the zoo thread. Specifically, I'd like to hear what Stars plan to do to in future when faced with two or more of the following:

- Account accessed from a new location
- Deposits from new payment methods
- Large cashouts to new payment methods
- Uncharacteristic activity at HU cash tables

Is this still the case? When I first read the thread in IP I assumed they'd eventually backtrack on it.

What was it, pay $1,000 or your account gets shut down?

Did any of those accounts use an RSA token?

no

Greetings from PokerStars.

Your account has been frozen as we have determined it was accessed from a foreign location without your knowledge. We have conducted a full investigation into your account and we believe that your PokerStars password may have been compromised.

Our facts to support this are as follows:

The logins to your account show no failed attempts; whoever accessed your account knew your password perfectly.

Computer finger printing technology is utilized by our Security Team in order to determine which computer your account was accessed from. In this case, our investigation concludes that your account was accessed from a foreign computer in Russia where no logins were previously detected from. It is therefore possible that your password has been compromised.

With regards to the bankroll in your account, fortunately there was no real money activity during this access.

To conclude this matter, we would like to advise you that PokerStars will not be liable for funds lost on your PokerStars account. PokerStars will not be held liable for any losses as a result of insufficient security measures to ensure that your personal details remain secured. This is in accordance with the sections 10.2 and 10.3 of our Terms of Service which state your responsibilities as an account owner.

---

That's the main part of the email my gf received. She has used the same computer as me and my account hasn't been hacked so make of that what you will.

If you don't have the highest security you can on a site you'd be mad if you lost it; get that highest security, now.

That is all.

What was your password?

I've a question for Pokerstars Michael J (this is the only question I have asked, so please answer it):

What happens when the account holder himself decides to use a fraudulent credit card to deposit $1000 and then cash it out through Neteller directly afterwards? Will you stop them? Or does your security have flaws, making it impossible to do so?


1) If indeed your security has flaws and you are not able to stop this, it means people can get away with stealing $1000 from your company easily.
2) If your security doesn't have flaws and you can stop this, then why did you not stop it in our case?

Worth noting here, I am not even talking about a hacker entering an account with a FOREIGN IP address raising all kinds of red flags in the process and then do a thing like this. No, I am talking about normal customers, being able to deposit with a fraudulent credit card and then cashing out soon after, never returning to Pokerstars leaving the company to cover the debts.

You think it's possible that the perp is a pokerstars insider, or connected to one?

It seems to me these actions (depositing repeatedly, playing a little bit, making several small FPP purchases) are deliberate to avoid setting off security flags (and, interestingly, getting a cashout processed instantly.)

As a american i hope my account doesnt get hacked, ill never be able to play my homegames

My case is slightly different in that I am Canadian, and according to Pokerstars security my account was accessed from Lethbridge, Alberta. ( Approximately 300kms from where I live.) Pokerstars security did an investigation and concluded that my account had in fact been hacked, but any money lost from fradulent deposits was my responsibility as I did not do everything in my power to protect my account. Even though I have never shared my password, never logged on from any device other than my own, and my account had a unique password.

The breach occured on Nov 24, 2014 in the Afternoon. I was playing on my cell phone on pokerstars mobile. I logged out after my session, and within minutes I received an email saying that my account was accessed by a new device. I wasnt alarmed at first, because before I was able to play on mobile there was a software update, so I just assumed that the new software registered my mobile as a new device. A couple of minutes after that, I received an email saying that my self imposed deposit limit of $20usd has succesfully been increased to $1500USD/Week. This was followed be six consecutive deposit request emails. 5 were Declined and one was approved. ( Transaction ID#1172093006 $181.45 USD - Approved#1172093188 $345.62 USD- Declined#1172093501 $95.04 USD - Declined#1172093853 $371.54 USD - Declined#1172094336 $181.45 USD - Declined#1172098486 $380.12 USD - Declined). Subsequent emails with Pokerstars security indicated that the deposits were done with 3 different credit cards.

Thanks to the fact that I got the emails from Pokerstars, I was able to contact them and let them know that my account had been breached, and after about 45 minutes they were able to freeze my account. I had approximately $38 USD on my account. The hacker played a $200 Hyper 6 max sitngo and lost, leaving my account with $22. Pokerstars deducted the amount of the fradulent deposit from my account leaving me with a balance of -$159.16. I was told that I would have to cover this amount if I wanted my account reinstated.

After all of this I carefully scanned both my computer and my phone and found no virus or malware. None of my other online accounts were comprimised at all. ( My full tilt account was suspended as soon as I reported the breach with Pokerstars, so I dont know if any login attempts were made)

I havent made up the short fall in my account, as I wasnt convinced that the security breach was not on Pokerstars end. I was also frustrated by the fact that I used the companies own responsible gaming feature to limit my deposits to $20 per week, and with just a single click of a button it was able to be increased by $1480. Whats the point of having responsible gaming features if they can be changed that easily? ( I had these limits for many months, apparently Pokerstars policy is that after 7 days you can change the settings. I wasnt aware of this. I actually thought that if you wanted to change them that there was a 7 day waiting period, which makes much more sense.) If they had respected the limits I had set, none of this would have happened.

I dont imagine that I will be able to regain access to my account, but I am hoping that this thread will flush out more people this has happened to, which in turn will cause Pokerstars to investigate these cases more closely. And hopefully the community can put pressure on Pokerstars to not put the burden of repaying fradulent transactions on their customers. ( After they investigate and realize that the customer was not at fault of course) And also to serve as warning for current Pokerstars users to use the extra security features available so that they dont have to go through this as well.

It's problem.

Did you read the TOS the friendly Stars rep linked. Even if you can only play for bragging rights, you're still liable for all the actions performed with your credentials. If a hacker convinces stars you moved and deposits fake dollars and runs, you get the bill.

Feel free to read their terms of service for play money customers.

Sending an email when you log in from a new device isn't sufficient.

Even if you see the email immediately you likely won't get a response quickly enough to stop the fraud.

They should be sending a code to your email or phone. Also, I always remember there being some sort of review process for cashouts.

If I logged in from a new device, deposited, and tried to cashout I would fully expect an email from pokerstars asking me what the hell was going on.

You should be responsible for fraud on your account, but only if pokerstars is making a reasonable effort to protect you from the fraud.

They aren't.

Sorry to read about your case, ZenX.

Could you post the exact wording they used when they asked you to cover the negative balance. You can redact any screennames and personal info. I'm just interested if the emails implied threads that are illegal in some jurisdictions.

security@pokerstars.com Nov 25, 2014
To
me
Hello Bruce,

Thank you for your reply. We have conducted a full investigation into your account and we believe that your PokerStars password may have been compromised.

Our facts to support this are as follows:

Computer finger printing technology is utilized by our Security Team in order to determine which computer your account was accessed from. In this case, our investigation concludes that your account was accessed from an IP address which traces to Canada from a computer where no logins were previously detected from. It is therefore possible that your password has been compromised.

During the access to your PokerStars account there has been a credit card deposits totaling $181.45. We will deduct this amount from your PokerStars account to cover the future chargeback we expect to receive. This will bring your PokerStars account to a negative balance of $-159.16. You must request a deposit to settle the outstanding balance before you will be able to play again.

To conclude this matter, we would like to advise you that PokerStars will not be liable for funds lost on your PokerStars account. PokerStars will not be held liable for any losses as a result of insufficient security measures to ensure that your personal details remain secured. This is in accordance with the sections 10.2 and 10.3 of our Terms of Service which state your responsibilities as an account owner.

In order to reinstate your account to allow you to deposit and settle the negative balance, we would like to ask you that you please:

1. scan / reformat your computer and remove any virus or malwares detected

2. change the password on your e-mail account.

3. provide us with a clear digital photo of you holding your ID document (please make sure your equipment is clean from keyloggers before sending, to avoid compromising). Please make sure that your full name, date of birth and the expiry date of the document are clearly readable.

You can send this to security@pokerstars.com

Finally, you may wish to visit the following link which offers suggestions on keeping your password secure and details about additional security features offered by PokerStars:

http://www.pokerstars.com/poker/room...ity/passwords/
http://www.pokerstars.com/poker/room...ecurity/token/

Your cooperation is appreciated.

Regards,

Bev
PokerStars Security Team

He gets robbed in unknown circumstances, and PS just assumes he s guilty and fines him. wow this is just beyond me.

Btw i think everyone should rate this a 5* thread to make it as noticeable as possible.

Is it technologically all that difficult for sites to add an option that would allow a player to limit account access to a single IP? Seems like a piece of cake, no? 99% of the time I play from home...sites should allow me to restrict login access to my poker account from ONLY a single IP. I could toggle that option off if I knew I was going to be traveling or if I wanted to play from a different location. Some people have dynamic IPs, sure, but this would still be worth it for people playing from static IPs (or let people specify, I dunno, an IP range, or a specific ISP).

What am I missing? Isn't this easy, and while not bulletproof I'm sure, wouldn't it provide an additional and pretty comforting layer of security?

WTF, how did Stars let the cashout to the new neteller account happen AND how the **** are they not cooperating with neteller to return the money to OP/ catch the people involved?

Thank you for posting the entire email, Zenx.

The following quote and that they didn't mention any alternatives to paying the balance should be enough to get them into trouble. I'll consult with my colleagues tomorrow. Normally they do the law stuff, and I'm the IT guy.

"This will bring your PokerStars account to a negative balance of $-159.16"

Thanks again

Lee Jones has nothing to say about this? He often appears in other Stars threads in NVG.

RSA tokens are great and I used one on FTP, but not everyone has them and there are other ways to secure accounts.

Treating a new device and location the same as an established device/location is negligent. This doesn't mean sending an email. That isn't enough.

You don't give that device the same permissions you do an established device. At least not until some sort of verification is done.

This is what I thought the case was, apperently not, so now I'll just start checking my account every few hours like a paranoid idiot.
Thanks stars.
****ing ridiculous.

What's the point of sending me the 'account access from new device' warning email if you let that new device insta add new CCs and bank/Netteller accounts and even WITHDRAW FUNDS THE SAME DAY!
Wtf is going on here?

wtf stars

this is crazy