As someone said in this thread in the past you would receive emails asking you what was going on if there was suspicious activity on your account.

I'd fully expect to receive one of those emails even if you use a security token or SMS verification.

The better question is if they are willing to pay to have this stuff fixed.

If you consider the amount of accounts on Pokerstars a 10% drop is actually quite impressive probably. Stupid post.




I agree however that the graph seems pretty simple, for all we know hacks are up 30% up since March last year. I have a hard time believing the only thing that has changed is visibility of hackings, but obv I might be wrong.

Hmmm is it though? I thought I should activate this so took a look and was disappointed to discover that it didnt work as most two factor authentication does..specifically that it doesn't insist on a code for every login or at least the first login from every device when first used after activation. Instead what we get is a vague statement that a code will be sent when unusual activity is detected, with no clarification of what criteria is used.

Maybe it would cover first login from a device or location that we don't normally login from, but maybe it doesn't. Maybe it covers new sources for deposits or withdrawals or maybe it doesn't.

If you are going to do it, do it right. Insist on having the code used for every login, deposit, withdrawal and change of other account data. It will be more robust and give end users more confidence.

I appear to have misrepresented Michael's reply here, which was not my intention. I asked him to reassure me that this could not happen, and he replied that it could be avoided by activating an RSA.

He didn't specifically admit that all the ridiculously obvious fraud crap (huge deposit from new card, snap cashout to neteller) could happen once my account has been accessed from a brand new foreign location, but he didn't offer any reassurance that Stars might prevent it either. I apologise if he (or the company) feels like my paraphrasing of his replies to me was unfair, but I remain unhappy with the content of his replies.

This group of hacks (if they are connected as a group at all) is reported since the end of last year. Interpreting the fact that the graph shows a decline during this period but doesn't compare it to the period before is of course left as an exercise for the reader.

The rest of Michael's post seems fine, but attempting to use that graph to show any meaningful conclusions is so lol considering this site is the home of "lol sample size"

I'd like to know if this is still happening. If not, I'd love to hear the reasoning behind changing that policy.

Just get the RSA token people. Stars having this option is fantastic.

A bar graph, unlabeled on the y axis, with 3 data points. Josem replies featuring language intended to mislead and/or to preemptively blame customers. What a joke.

4,7% drop and we still got 13 days to go. I think it will end the month + 3,5%.

if the median hack is $57 just refund the money you cheap ****s. same day exploits should not be the customers fault. your system sucks. when a new deposit method is used, 72 hour delay. when a new ip 3 hour delay

Neteller does not allow cashouts without documents.

you need to find out the Neteller account number. Pokerstars will have to give you that since its your money right? And then call Neteller support service

OP stated that Stars refuses to disclose it.

You can add me to the list of accounts who got hacked in this way. I think it was because of a virus. But I got an e-mail that said my account was accessed by a new location and when I logged in, all my money was gone. Apparently someone from a Russian IP had logged in and did a chip dump to another account. They didn't attempt to make deposits or withdraws though. It was just a chip dump in a cash game. I got the same e-mail from Stars and they said I was **** out of luck and I should add a PIN to my acct. This was maybe 6 months ago BTW.

Stars protecting/helping the hackers, insanity.

This quote bothered me the most. " Relatively low" I personally had approximately $38 in my account. Yes, 98% of two plus twoers would laugh out loud at this amount. After my account was hacked, which a Pokerstars investigation clearly showed was a deliberate hack on my account, my balance was -$159.16. Again, not an amount that would be considered anything but "relatively low" by Pokerstars standards. I am a recreational player, like many other in this category, I have deposited many times over the years. I wouldnt be surprised if the number of deposits totalled over $10,000. I never withdrew even once. I would love to see the total number of rake that was made off of my account over the years. I am sure it well exceeds the the $159.16 that was stolen. After all of these years as a loyal customer contributing to your bottom line, I was the victim of an unscrupulous criminal, that robbed me of my meager bankroll. How do you repond to this? By acting as though I was at fault, and making me feel as if I had done something wrong by not securing my account effectively.

Well guess what Michael? $159.16 is not a relatively low number in my household. As a single working parent, its not something that I can afford to cover. As I stated in my emails to Pokerstars security, I was willing to take the hit on the loss of my bankroll, and work with you to ensure that my account info was secure on my end. But this wasnt good enough. No, you wanted me to cover the loss that was incurred by some criminal who gained access to my account. And I know ive stated it before, but it deserves repeating. If Pokerstars has respected the deposit limits I had in place, this never would have been an issue. If you are serious about having responsibly gaming procedures in place, then make them harder to change. ( Even a 24 hr period before responsible gaming limits are changed would have work in this case.)

Infeasable and impossible are two different things.
https://en.wikipedia.org/wiki/Password_cracking

+1. Well said.

If my summary is correct, according to this poster:

1. He played from a recognized device (personal cell phone).

2. Just MINUTES later, someone logged into his account from a new device.

3. That someone was 300km away from the poster.

Michael, is nothing triggered within PokerStars' security system when users "travel" 300km in a matter of minutes AND log in from a new device? Wait, there's more:

4. Whoever logged in from hundreds of kilometers away on a new device minutes after the poster accessed his account from his personal cell phone raised the poster's long-established deposit limit from $20 to $1,500.

5. Then whoever logged in tried to process 6 transactions with 3 separate credit cards; 5 transactions were declined and 1 was accepted.

6. Then whoever logged in registered for a $200 hyper sitngo - I would assume that's not a game the poster normally plays.

Did I summarize that correctly? If so, it's hard for me to understand if none of these individual factors trigger a red flag. But it would actually blow my mind if these factors in aggregate don't trigger security alerts within PokerStar's system.

Can you explain?

Krazykarter, I think you missed the point. (or maybe I did).

Monorail doesn't really want to restrict access to a single IP, he wants to restrict access to a single device

All this stuff about statis IP, defining ranges, blah blah blah is just confusing the "stupid people" who don't understand technology. (I believe you are suffering from the inverse, "stupid techie syndrome", where you get drawn into the technology discussion while missing the obvious use-case question that's really the point.)

Monorail, to answer what I imagine your question really is:

No, it is not particularly difficult to restrict account access to a single device or even a multiple of trusted devices. The fact that PS emails talk about "device fingerprints" proves they already are 70% of the way there.

It's really disappointing to see Josem post that graph considering that he himself has an excellent grasp of statistical analysis and he knows it doesn't mean **** as presented.

Lol @ thinking the password leak is coming from stars or an inside job.

I can't explain stars's behavior in this case, but one thing is suspicious, and that is the cell phone. The problem with cell phones is that they are an easy target for hacking. Basically the phone uses an encrypted connection between the phone and it's cell's station, but this can be easily counterfeit . You just need a fake but unencrypted(!) access point in the same cell which acts like the cell's original station (copies it's ID), and than the phone connects to the fake station with an insecure connection, and everything that is usually encrypted turns face up (passwords, conversation data, literally everything) for whoever operates the fake cell station. This technique is used by intelligence agencies or by the police(most of the cases unauthorized) and I can imagine that someone who has the chance to use this abuses this technology for stealing passwords, therefore I wouldn't ever play poker or do anything that has to do with dealing a lot of money via cell phone...

lol @ a drop in "reported" hacks.

Cause that totally means they are actually decreasing.

You have good PR people PokerStars..