We ask everyone who plays on Pokerstars to urgently use a PIN to protect their accounts.
https://www.pokerstars.eu/poker/room.../security/pin/
https://www.pokerstars.uk/poker/room.../security/pin/
https://www.pokerstars.com/poker/roo.../security/pin/
Many Pokerstars accounts are suddenly being hacked and the number is rapidly growing. Stars continues to deny any possibility of a leak from their end, even though nobody so far has reported anything other than their Pokerstars accounts hacked. Other poker/bank/email/social media accounts have not been hacked.
Those of us who have run anti-malware software have not detected any spyware or keyloggers.
It also raises important focus on the security of Pokerstars, as the changes in the cashout policies of Pokerstars have made it very easy for the hackers to accomplish their task. Some cashouts are not being reviewed anymore and are approved within 1 minute. On top of that, it has been made possible to cashout directly after making a deposit. To add to this list, all of this is done while missing the following red flags:
-A foreign IP address has entered our account from a country we never visited
-Used a different Neteller account than the one attached to our account, to make a deposit into our account
-Used a different credit card, than the one attached to our account, to make a whole series of deposits
-Depleted our FPP's by converting them into $
-Used this new Neteller to cashout
-Pokerstars refuses to give us the full account number of the Neteller used, making it impossible to trace the money.
Pokerstars then copy/paste e-mails us, informing us that the hacker knew our password "perfectly" and there were no failed attempts, followed by requesting that we deposit money into our account to cover the "fake deposits" made by the hacker's fake credit card. On top of the fact that we just lost our entire bankroll.
This case is almost identical to all the hacked accounts. In all of the cases, all the victims have received an e-mail from Pokerstars saying that our password has been compromised, putting the fault on us, giving the impression that it is an isolated case.
Quote:
Originally Posted by Pokerstars
Greetings from PokerStars.
Your account has been frozen as we have determined it was accessed from a foreign location without your knowledge. We have conducted a full investigation into your account and we believe that your PokerStars password may have been compromised.
Our facts to support this are as follows:
The logins to your account show no failed attempts; whoever accessed your account knew your password perfectly.
Computer finger printing technology is utilized by our Security Team in order to determine which computer your account was accessed from. In this case, our investigation concludes that your account was accessed from a foreign computer where no logins were previously detected from. It is therefore possible that your password has been compromised.
With regards to the bankroll in your account, unfortunately we have been unable to recover funds lost.
To conclude this matter, we would like to advise you that PokerStars will not be liable for funds lost on your PokerStars account. PokerStars will not be held liable for any losses as a result of insufficient security measures to ensure that your personal details remain secured. This is in accordance with the sections 10.2 and 10.3 of our Terms of Service which state your responsibilities as an account owner.
Since I made the original thread in Internet Poker about this, around a dozen other people have come forward telling the story of how their accounts were hacked in the exact same manner. When we consider that only a small % of the Stars player pool posts on 2+2 it is entirely possible that the total number of accounts hacked could be in the hundreds.
In my case, my e-mail address is only used for Pokerstars, Full Tilt, and Holdem Manager forums (which I haven't posted on in years and it doesn't contain my PS username). When I google my PS username for the past 1 year, 0 results show up. I am practically a ghost, how could the hackers have found my account?
Also after my Pokerstars account was hacked, 4 minutes later, the hacker tried to enter my e-mail address but failed, indicating that he found out about my e-mail address from my PS account and not vice versa, and also showing that he did not know the password to my e-mail account (because my PS password is original and not used for anything else). It surely shows that they tried to enter my e-mail account, so the fact that none of our other accounts (Paypal/e-mail/etc.) have been hacked does raise suspicion, even though they were able to enter our PS passwords with 1 try.
As so many accounts have been hacked, there is a definite explanation to how they have been able to do it, though this is unclear just yet.
Below you will find a detailed summary of my case, and all the red flags that were missed by Pokerstars (it's almost identical to all other cases reported):
I am an ex-high stakes regular who has barely played for the past 4 years, my RSA token was cancelled a long time ago and as I didn't have a significant bankroll I didn't get another one. I hadn't logged into my account for 3 months (and haven't deposited for years), however it raised no red flags when:
-On 8:43 (CET Timezone) the hacker enters my PS account with a foreign IP address from Poland, a country I have never played from before.
-Makes a deposit of $10 into my account using a different Neteller account, even though I have used my own Neteller account for OVER 5 YEARS.
-Makes 69 purchases from the PS Store, converting 1000 FPP's into $10 each time, even though I have not made any purchases from the PS Store in years, and no one in their right mind would convert 69,000 FPP's, as a bronze star, because you will lose a lot of value.
-He requests to raise the deposit limit and Pokerstars approves it, without even doing a quick check whether a foreign IP is being used.
-Then proceeded to make 22 deposits (a total of 900 EURO'S) with a credit card that I have never used, even though I have used the same credit card for years. Plus, I've barely made any deposits since being a member, though apparently 22 deposits with a different credit card by a foreign IP raises no alarms.
-He proceeds to throw money away on the tables on games I don't usually play, even though more than 95% of my hands are played on HU SNG.
-On 10:10 CET he cashes out $800 to his Neteller account.
Quote:
Originally Posted by Pokerstars
Cashout request time: 2015/02/19 10:10 CET
Cashout amount: USD 800.00
USD 10.00 has been automatically credited back to your NETELLER account (4*******1509).
This amount is now available at NETELLER.
Credit transaction #1218445204
USD 790.00 will be credited to your NETELLER account (4*******1509) within 72 hours.
Within the same minute, on 10:10 CET, the remaining $790 is approved and credited to his Neteller account.
Quote:
Originally Posted by Pokerstars
Cashout request time: 2015/02/19 10:10 CET
Cashout amount: USD 790.00
USD 790.00 has been credited to your NETELLER account (4*******1509).
On 17:54 CET Pokerstars freezes my account and requests identification.
As you can see in the dates, the cashout was approved within 1 minute, even though it's not an instant cashout as the previous deposit only covers $10. Plus, Pokerstars refused to give me the full account number of the NETeller account that was used by the hacker to withdraw money from my PS account, making it impossible to trace the hacker.
When I asked Pokerstars to contact Neteller, they informed me that they did this on the 19th of February. However, in their next e-mail, they state that they contacted Neteller once I confirmed that the access was not authorized. However, this would mean that they contacted them on the 21st of February, as the 21st was the first time I contacted Pokerstars. So they have given 2 different dates in assuring me that they contacted Neteller.
Quote:
Originally Posted by Pokerstars
Neteller has confirmed that the funds are no longer in the Neteller account in question. If you would like more details regarding the Neteller account, please contact Neteller directly.
Though this is fruitless as they won't give me the full account ID of the Neteller account in question.
Quote:
Originally Posted by Neteller
We are sorry to hear what has happened to your PokerStars account. Unfortunately we are not able to retrieve the account as the transaction ID you have provided is not valid in our system. Please cooperate with PokerStars and have them contact us with the information so that we can assist regarding this matter.
Here is a link to my original thread in Internet Poker in which this issue was first brought to attention
http://forumserver.twoplustwo.com/28...acked-1513052/
Here's a quote from Pokerstars Michael J in the thread:
Quote:
Originally Posted by Pokerstars Michael J
Hi,
PokerStars can confirm that we’re aware of this thread and continuing to investigate the various issues raised. While we are unable to comment on specific situations, let us provide some additional context that might be informative more broadly.
-We are aware of no evidence to indicate that PokerStars’ database has been compromised, but we have alerted our internal security teams for their review as we usually do when such allegations are raised. It is worth noting in this context that the PokerStars database does not store a merely encrypted version of player’s password: it is hashed using a one-way formula (which is a form of one-way, irreversible, encryption). This prevents someone with access to our database from being able to decrypt a player’s password (although there’s no evidence that someone even got access to our password database). An accessible explanation of the differences between normal encryption and hashing (which we do) is available online here: https://danielmiessler.com/study/enc...ption_hashing/
-We believe that maintaining the security of player accounts requires a joint-partnership between both players and PokerStars. That’s why we invest in a whole range of strong security mechanisms on our end… but also why we enable players to make a decision about the level of security that they feel is appropriate for themselves. We do this by offering players things such as RSA Security Tokens, PokerStars PINs and SMS Validation. SMS Validation and PokerStars PINs are free to players to use, and SMS Validation in particular is specifically designed to mitigate the risk of unauthorised account access from new locations (such as what is alleged in this thread).
-One (small, but important) part of our security mechanisms includes automated emails to the account owners when their account is accessed from a new location for the first time. These emails have often reduced the impact caused by unauthorised account access.
-Finally, some players have made claims in this thread about “obvious” red flags that PokerStars should have identified. The activity described in this thread (such as accessing accounts from new locations, using new deposit methods and submitting cash outs soon after) are all very common activities, and a security system based around such mechanisms alone would have a significant number of false positives. This would cause many more innocent players to be caught by a system than actual security threats. In this context, this problem is called the ‘Base Rate Fallacy’ and an accessible explanation on this logic error is available online here: http://news.bbc.co.uk/1/hi/magazine/8153539.stm
Hopefully this explanation of the broader issues here is helpful.
Sincerely,
Michael Josem
PokerStars Communications Team
List of other people on 2+2 so far who have mentioned that their PS account has been hacked since the thread is up:
Cristos
boat2p2-2
burobest
shipppp09
Izzit
GreenDolphin
cianus
Spudhead
Muznik
Flashdancer
PWallis' gf
ZenX
Ohlongjohnson
Chopper104
We hope to reach as many people as possible now that this thread is in NVG. Hopefully this will prevent more people from being hacked (set your PIN up) and also allow more victims of the hackers to realise that what happened to them was not an isolated incident.
We ask everyone to provide the following details so that we can investigate this further:
Date & Time of 1st compromised:
Date & Time of last compromised
Deposit Details: (type of card and total amount)
Deposit Dates: 1st Deposit date/time and last deposit date/time
Withdraw Details: (what processor, details of the account - will say in w/d confirmation email, total amount)
Withdraw Dates: 1st withdraw date/time and last withdraw date/time
Country of your account (where its logged in from):
Country of Hack:
Is your password 100% unique:
Did your Full Tilt Poker account have an access attempt also: (To find out, login, then > Account > My Login History (Web))
Do you currently, or have you ever had a UK postal address on your PokerStars account:
Was your PokerStars account dormant (last used regularly more than 60 days ago):
It's worth noting that all the accounts so far seem to have a link to the UK. In my case, I lived in UK in 2011 and the address was added to my Pokerstars account.
A thank you to pmarrsouth and Spudhead for assisting me to write this summary.
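
Added example, not part of the original post and not PokerStars' actual fraud logic: a sketch of how the red flags listed above and the base-rate argument quoted from PokerStars fit together, by extracting signals from one session and combining them into a naive-Bayes posterior. The per-signal rates, the prior, the event field names, the `HOME` country placeholder and the event times between 08:43 and 10:10 are all constructed assumptions; the 60-day dormancy threshold is the one used in the questionnaire above.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"
# Constructed rates: (P(signal | takeover), P(signal | legitimate session)).
RATES = {
    "new_country": (0.90, 0.02),
    "dormant_account": (0.60, 0.05),
    "new_instrument": (0.80, 0.03),
    "cashout_to_new_fast": (0.85, 0.01),
}
PRIOR = 0.0001  # constructed base rate: 1 session in 10,000 is a takeover
# Constructed profile and session, modelled on the timeline in the post.
PROFILE = {"countries": {"HOME"}, "instruments": {"neteller:own", "card:own"},
           "last_login": "2014-11-19 12:00"}
EVENTS = [
    {"t": "2015-02-19 08:43", "type": "login", "country": "PL"},
    {"t": "2015-02-19 08:50", "type": "deposit", "instrument": "neteller:new"},
    {"t": "2015-02-19 09:20", "type": "deposit", "instrument": "card:new"},
    {"t": "2015-02-19 10:10", "type": "cashout", "instrument": "neteller:new"},
]

def signals(profile, events, window=timedelta(hours=24)):
    """Return the set of risk signals present in one session's events."""
    found, new_seen = set(), {}
    first = datetime.strptime(events[0]["t"], FMT)
    if first - datetime.strptime(profile["last_login"], FMT) > timedelta(days=60):
        found.add("dormant_account")
    for e in events:
        t = datetime.strptime(e["t"], FMT)
        if e["type"] == "login" and e["country"] not in profile["countries"]:
            found.add("new_country")
        if e["type"] == "deposit" and e["instrument"] not in profile["instruments"]:
            found.add("new_instrument")
            new_seen.setdefault(e["instrument"], t)  # first time this instrument appeared
        seen = new_seen.get(e.get("instrument"))
        if e["type"] == "cashout" and seen and t - seen <= window:
            found.add("cashout_to_new_fast")  # withdrawal to an instrument added this session
    return found

def posterior(found, prior=PRIOR):
    """P(takeover | signals), assuming the signals are independent (naive Bayes)."""
    odds = prior / (1 - prior)
    for s in found:
        hit, false_alarm = RATES[s]
        odds *= hit / false_alarm  # multiply by each signal's likelihood ratio
    return odds / (1 + odds)
```

With these constructed numbers a new-country login on its own gives a posterior under 1%, which is the false-positive problem the base-rate argument describes, while the four signals together give a posterior above 99%.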