Josem:
So now we are educated that outliers affect the average - now can you please tell us what the average is? I can write a long post about why the median also isnt the best representation of the data...
Just tell us what the mean is and we know how to interpret it!
That is why you are hiding an important statistics (=the mean)?

Lets say one form of password protection existed and it was uber easy to gain entry to someone elses account. It should STILL be damn near impossible to cash out money as a hacker from 500 miles away from a previous log in 5 minutes ago. due to many many red flags.

why do we have to send our personal information to you to verify our accounts if you allow deposits and withdrawls with different names on them?? it seems this is only to verify the supposid person playing is of legal age, it is not to protect me from illegal deposits and withdrawls.

This aligns with my next point. if you log out from a pc mid tournament and log in from another PC this is allowed and nothing happens. Sure once in a blue moon a big cheating thread is made when thousands or tens of thousands of dollars are withheld but in general you can also do this with ease.

Maybe the system alerts and maybe there are so many alerts for these types of things and so few workers to monitor everyone only HIGH risk are monitored. These two things parallel because they have to do with security flagging suspicious account activity. Now people can say what they want to trump the multi person tournament activity but I know for facts it takes place, not allowed but not caught nearly ever. I have never done it myself but there are probably way more alerts than can be watched. Its 100% fact.
Accounts should be flagged immediately that log in from one area and another in a 24 hour period and it shouldn't be the customers responsibility to install security alerts like cell phone texts to activate BASIC security. Sorry if I am not in here waiving RSA token pom poms but there is not nearly good enough basic security. If I can't email and have any credit cards not in my name not used you are not helping me protect my account against fraud regardless how they get in. You do not have the tools and foundation in place to help protect me from being scammed. Throwing me a shield for premium price is only the beginning of the process. What are you going to do to help me once the hacker is in our accounts. Being naive and pretending they wont if you have proper rsa tokens is again putiing blame on customers and not on your poor defence and policies once they are in.

It doesn't add up at all. However, a little more information would help too, please:

• Had your girlfriend only ever played from your machine, or did she use another machine too?
  
• If she only ever used your machine, did she use the same Windows user account as you?
  
• Was either password saved in the Stars client?
  
• So, to clarify, neither of you used anything other than a password to secure your accounts?

If she used your account on your machine (and nothing else) and had the same account security as you, then it raises even more questions.

The only two explanations that spring to mind immediately are that her password was harvested via a phishing website that you didn't visit and/or fall for (presumably you've asked whether she ever typed her credentials anywhere other than the Stars client?) and that she reused a password from another account that was compromised (and somehow the attacker knew she used it on Stars, as well as her Stars ID, which seems pretty far-fetched).

I had the opposite experience around December. I tried to insta cash out my first big win in ages 17k and they 'froze' my account, said it was 'standard procedure' as it was in a Sunday major game. Made me send in every id document possible, TWICE, and then, after 2 weeks, they allowed it to be withdrawn. I made and verified my account in 2010. I was furious tbh as Ive never been prompted or questioned when I was regularly depositing on and off over the five years.

Obviously probably not related but received this email from twitch earlier

With the influx of twitch users of late thought it could be of some relevance if not importance.

Two weeks is way too long. If they took 48 or 96 hours to make sure that the 5 figure score went to the right person, I wouldn't complain.
It's probably not related to PokerStars at all. But it is an example of really poor communication. One source says that the servers were compromised since March 3rd 2015 and everybody who logged into twitch since then gave his password to the evils in clear text. Now they write that the passwords were cryptographically protected, whatever the **** that means.

Same thing happened to me after a big tourney cash.
This is just an example of Stars free rolling you. Say you couldn't provide ID because you're underage or are running multiple accounts. What do you think is going to happen to your money?

If Stars wants us all to buy those RSA tokens the price needs to go down.
Banks give them for free for over a decade and Skrill and other companies sell them for 15 euros/dollars.
So Stars got hustled into paying 90+ for them so now we need to dish out around 50 bucks for one.
Hard sell for nano/micro and casual players obv.

With the volume and stakes I play the highest VIP level I can reach is SilverStar. The RSA token is 3000fpps for SilverStars. If im lucky I might reach that amount by the end of the year. In the mean time it's my own fault if I get hacked?

use the pin then #nohatejustsayin

sorry as this has probably been asked multiple times

But for people that have been told to pay back the "lost money" - this part i dont get? How is a stolen credit card your issue?

But thats besides the point... My main question is... why dont these people just start a new account and not pay back a single dollar? Thats certainly what I would be doing!

I'm pleased to say that Stars, after initially denying my request to restrict cash out options to cheques only, has reconsidered and have gone along with my request. I'm also glad that they did this on their own volition with no further emails from me.

Obviously I'm just one person and this doesn't help any of the victims but it does show that they are open to reconsidering previously held positions. Hopefully reducing the amount of damage that hackers can do they breached an account and educating the user base on how to protect themselves from hacks are some of the top priorities for Stars moving forward.

How is it our issue? Good question, not sure why Stars has taken the stance to put the burden of repayment back on the customer. Simple logic must dictate, that if they allowed the victimized player to redeposit and keep playing, they would net you more in the long term in rake. ( This is based on the assumption that many of us who were victimized refuse to repay the fraudulent transaction and therefore no longer play. In my case I was a customer for at least 7 years, I guarantee that they make considerably more than the $159.16 they want me to repay in rake yearly. By a long shot, I imagine)

As for the second question, " Why dont these people start a new account" For me personally, the answer is simple. I am an honest person. Doing so would be dishonest and against Pokerstars terms of service. Even though I feel that I have been screwed over by Pokerstars, two wrongs don't make a right. I assume that I will never play on Pokerstars again, but part of me does hold out a slight glimmer of hope that Stars will step up and do the right thing. If they choose not to, then so be it. A dishonorable company doesn't deserve my hard earned money anyways.

Because people don't want to continually be worried about when Stars is going to figure it out, at which time they'll be forced to pay back the money anyway, and it will likely cost them more when their account gets closed and they lose all their rewards.

Maybe you simply shouldn't play underage or even multi-account? How dumb are you?

PokerStars has opened up a big can of worms because they are backing themselves into a corner.

Word of mouth is at play here with these account hackings and even worse they can chose who they want to play on their site..

all the while they have players breaking their ToS each and every day under their nose , it wont be long before these things catch up to them.

Where there is $$ involved there will be fraud, always. From online banking to online purchases to online poker. It is also pretty much impossible to eradicate all fraud. I assume that on Stars and other sites there are many people attempting to fraud the site, but % wise it is tiny (well less than 1%)

If you have knowledge of people breaking the ToS then report them to support. It will be sent to the correct department and investigated - giving as much detail as possible really helps in these situations

An email reply I had when I asked, "why isn't the pin a default security measure?", was that some players just play with play money.

Your password has a one-way hash where, for example GOD is translated to kjw4l5jldkfjssoaerse. Knowing kjw4l5jldkfjssoaerse there's no way besides trial and error to decipher your real password. When you enter your password is hashed and they compare to the hashed versions to see fi they are the same.

Cryptographically protected means that someone got access to the hashed version of your password. Password crackers can lookup simple passwords, by trial and error, so Twitch is requiring everyone to choose complicated passwords. People on the Twitch thread are complaining about requiring complicated passwords, but they can get sued, or have trouble getting insurance if they do not respond to issues when they become aware of them.

The Two Plus Two pokercast covered this issue in great detail on their show that went live today. Steve Day from Pokerstars came on to discuss it as well.

My take away from Steve was that the instances of fraud on the site is very low, and even though this thread has garnered a lot of discussion, the reported frauds are just a small drop in the bucket of all the activity on the site. But they do take it seriously and are looking at ways to prevent it. Some changes have already taken place, such as a 48hr delay in cashouts. He talked a lot about different stuff that has been asked in this thread, so I definitely think that if the topic is of interest to you, you should listen. ( Not to mention the fact that its a great podcast, so you should be listening anyways)

I know what a hash is. But you explained it well for those who don't. My main criticism was that in the original report twitch spoke about an initial compromise on March 3rd and hinted at an RCE leak. That means that during the three weeks the hacker(s) could have logged the passwords in clear text, by grabbing them before they are hashed.

The email I quoted didn't mention that period of time at all. Also cryptographically protected is very vague (that was my 2nd complaint, but I should have worded it better). They don't even confirm that they hashed; they neither mention the algorithm nor salts. The protection could be XOR with a constant; or unsalted md4.

http://pokercast.twoplustwo.com/

What he actually seemed to say (to my ears, anyway) was that fewer than 0.1% of account logins on a monthly basis are fraudulent.

That number - 1 in every 1000 logins - sounds huge to me. Even if it was 1 in every 1000 accounts hit each month I think it would sound huge, but here it's logins. If we say that the average player (from a dormant account to a reg logging in 60 times a month) on average logs in 3 times a month, then this figure would indicate that each month 1 in every 333 accounts is hit by fraud. Perhaps the average account logs in only once a month, but then we're still at 1 in 1000.

Now, Steve did say fewer than 0.1%, so this analysis will slightly overstate the instance of fraud. But it can't be out by as much as a factor of 10 because he'd have said fewer than 0.01% instead.

Not low.

Sorry to hear about your losses guys :/

I guess they (stars) should give the 'extra security token' to costumers for free or at least very very cheap, Cash in/out options should stay the same, who wants to wait about for money these days? its 2015 ffs.