Many Pokerstars accounts hacked recently, Stars accepts no liability

03-19-2015 , 10:32 AM
Don't most people have Dynamic IPs? I know I do, hence only being able to log on with a certain IP would never work.

Quote:
Dynamic IP Addressing

The biggest advantages of Dynamic IP Addressing are less security risk as the computer is assigned a new IP address each time the customer logs on..........
http://whatismyipaddress.com/dynamic-static
03-19-2015 , 10:33 AM
Quote:
Originally Posted by NerdSuperfly
you might lose the best fish, if you rule out, that any login from a different location is okay.
Nobody is suggesting that. You just confirm it with them.

Quote:
Originally Posted by NerdSuperfly
there are many ppl out there, who don't have a credit card and might be need help, for a deposit.
They can do a bank transfer and they presumably have a bank debit card. If they don't have a bank account at all then it's because they are underage.

Quote:
Originally Posted by NerdSuperfly
ppl also think, that the insta cash out is a security leak. again, it might helped in this very specific cases,

so overall, the whole 'make it safer' ideas would only help a small number of ppl,
and

Quote:
Originally Posted by krazykarter
(Yes, I'm aware that for the cases specific to this thread emails were not affected, but that has not been and will not always be the case for other situations.)
Start plugging leaks and the total number of hacks will go down. That it seems daunting to plug all the leaks is not a reason not to start.

Quote:
Originally Posted by NerdSuperfly
but imagine you own a business. eg a club and you provide lockers,
the analogy would hold if all the lockers had the same key, the suspect was known to be Polish but they were unable to cooperate with Polish law enforcement because the club is not licensed there.

Quote:
Originally Posted by NerdSuperfly
the only real option so far, is some 'opt in', if you never change location and/or deposit option. but to be fair, so far it seems the victims used neither PIN nor SMS verification (which are both free), so i doubt the potential victims would opt in anyway
I had no idea either option existed until I saw this thread on 2p2. Users should be prompted to set these up as they log in instead of the joke first pet's name questions.

I know I've been harsh in this thread but I think it has been worth my time because I hope something I've said will be used by Pokerstars to improve things and I have confidence that people want that to happen. I have a betfair account but don't, for example, participate in all the iPoker bots threads because I don't believe there is any point or that anyone cares. And also I approve of Pokerstars keeping the games running in the grey and black markets - it just has to be done in a way that doesn't affect customers in other countries.
03-19-2015 , 10:35 AM
Quote:
Originally Posted by Sammy2bullets
Don't most people have Dynamic IPs? I know I do, hence only being able to log on with a certain IP would never work.

http://whatismyipaddress.com/dynamic-static
It's still an IP address in the range assigned to your ISP. Not a totally random one.

In B4 someone says that there is no point looking at IP addresses because the hacker could have the same ISP.
03-19-2015 , 10:46 AM
Quote:
Originally Posted by LektorAJ
It's still an IP address in the range assigned to your ISP. Not a totally random one.

In B4 someone says that there is no point looking at IP addresses because the hacker could have the same ISP.
Ok, I'm by no means a computer whizz, luckily I'm from Denmark and have to use NemID to log on. NemID works like an RSA token, and is mandatory to have for all Danes to log on to all gambling sites, web banks etc.
03-19-2015 , 10:50 AM
If your account balance is high enough that it will financially crush you if it's lost, then you should have an RSA key. There is literally no excuse for that.
03-19-2015 , 10:54 AM
Quote:
Originally Posted by bachelder
If your account balance is high enough that it will financially crush you if its lost, then you should have an RSA key. There is literally no excuse for that.
why not keep the majority of the cash offline and deposit when necessary?
03-19-2015 , 11:04 AM
Quote:
Originally Posted by bachelder
If your account balance is high enough that it will financially crush you if its lost, then you should have an RSA key. There is literally no excuse for that.
They're free to SNE but cost x amount of points to lower tier players. Banks give them for free to all their customers and pokerstars must earn millions a year in interest on the funds held in poker accounts and thus the RSA token should also be free to all pokerstars players who are silver and above.
03-19-2015 , 11:07 AM
Quote:
Originally Posted by bachelder
If your account balance is high enough that it will financially crush you if its lost, then you should have an RSA key. There is literally no excuse for that.
The funny thing is that you don't have to keep your roll on Stars in order to lose money to a hacker/Stars.

Or, you get punished twice by not being able to play for almost a year if you refuse to cover any debts as a result of a hack + shady deposits & withdrawals.
03-19-2015 , 11:07 AM
Still underwhelmed by Stars' responses (although the fact that they're responding at all is a huge improvement on the first few days of the thread in the Zoo).

Can Stars actually confirm this is not a problem at their end? Not yet, at least on the strength of what's being shared with us. Obviously their own investigation will be far more advanced than what is being discussed publicly.

For the avoidance of doubt, simply hashing a password database is not best practice when it comes to security. It does not guarantee that a miscreant (whether a rogue employee or some third party) can't get at the passwords. Salting the hash is better, and safer.

But either way, we have no information yet on when a database might have been compromised. Often when companies are hacked it is old information that is taken (because someone forgot that it existed and so didn't protect it). The fact that dormant accounts have been attacked (coupled with the fact that the attackers know the passwords yet haven't been able to compromise other accounts such as webmail, despite trying in at least the case of the OP) strongly suggests this as a possible explanation of what has happened.

Key issues yet to be addressed:

1. How old is each compromised account?

2. When was the password last changed on each compromised account?

3. Is Stars' password database salted as well as hashed?
(I've re-read Michael's posts in both threads and I don't think he's confirmed this, despite what someone else said).

4. Has Stars' password database always been hashed (and salted)?

5. Can we rule out a compromised old Stars password database being the source of these hacks?
The answer to this question is currently an emphatic no, whatever Stars wants us to believe.

As more compromised accounts are reported, someone will turn out to be the result of viruses/phishing sites/webmail hacks/etc. But ignore those issues for the main thrust of this thread: the whole point is that for the first few hacks that led to the thread being created there are no indicators of any such problem. These are "right first time" password compromises where no other service is affected, and in several cases on long-dormant accounts.

The most likely explanation remains a compromised database (I think a rogue employee is far less likely than an old file resurfacing on a decommissioned server or backup), and if it's not at Stars' end then:

6. What affiliates have people's passwords? I've never used one. Is this how it works?

7. What affiliate is common to those affected? (Again, currently no information.)

One other possibility that has been mooted appears to be weaknesses in security when playing via the mobile app (such as a compromised access point). I think this is relatively unlikely, given the players with compromised accounts are spread around the world, but just in case, another obvious question is:

8. Has everyone affected played via the mobile app? (The answer to this, given the dormancy of some accounts, appears to be a clear NO)

On a separate note, presumably you all have enough sense to add wrong (and hopefully strong - e.g. "h6Y@sio3!") responses to the security questions? They're all pretty basic biographical information and chances are that your real answers would be easily discoverable and/or already used by you in relation to other services.

9. Stars - can you please confirm that the system is case-sensitive etc for security question answers? If not then these are practically worthless.

Someone suggested locking accounts to an IP address. This is moronic, since most people's IP address will change frequently at the whim of their ISP (or on access point reboot). Relatively few people have static addresses.

As for the graph, it shows nothing. Let's assume for the sake of the maths that there are 10 million Stars accounts. Let's also assume that 20,000 of those 10 million accounts were hacked in January, 18,660 in February, and 17,876 in the first 19 days of March. Doesn't tell us anything, does it? But it matches the figures in the graph.

What if we also learned that only 150 accounts had been hacked in December, and no more than 100 in any other month in 2014? Then what does the graph tell us? Again, nothing (save that there is a recent problem).

Similarly, the insistence on "median" loss is concerning. No-one in their right mind uses median to indicate an average, unless they are trying to spin the story. Mean and mode would both be much more helpful to us.

Lastly, what if Stars traffic also declines in the period after Christmas (as is likely to be the case)? What then? If this is an attack somehow relating to compromises of the players' credentials (as Stars seems to want us to believe, and which in reality will only happen when they play) then the "reduction" does not exist at all.

10. So, Stars, what about some meaningful data, please?

Oh, and to the poster who scoffed at the idea that Stars would refuse to give OP the NT account number involved with the compromise of his account, that is exactly what seems to have happened. He's certainly been given the run around by CS (whether intentionally or otherwise) and something doesn't add up.
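The salting question raised in points 3 and 4 above, as an added example that is not code from this thread or from PokerStars: it contrasts a bare MD5 store (identical passwords give identical digests, and one table of common passwords audits every account at once) with a per-user random salt and PBKDF2, where the same audit has to be repeated user by user. The usernames, passwords and common-password list are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users happen to share a password.
USERS = {
    "alice": "correct horse",
    "bob": "correct horse",
    "carol": "h6Y@sio3!",
}

# Constructed stand-in for a list of commonly chosen passwords.
COMMON_PASSWORDS = ["password", "123456", "correct horse"]


def unsalted_md5(password: str) -> str:
    """The bare-hash scheme the thread asks about: MD5 of the password alone."""
    return hashlib.md5(password.encode()).hexdigest()


def store_unsalted(users: dict) -> dict:
    """Unsalted store: equal passwords always yield equal digests."""
    return {user: unsalted_md5(pw) for user, pw in users.items()}


def audit_unsalted(stored: dict, wordlist: list) -> dict:
    """Defensive audit of an unsalted store against a common-password list.

    One table of len(wordlist) digests covers every user at once, which is
    exactly why a leaked unsalted database is so exposed.
    """
    table = {unsalted_md5(word): word for word in wordlist}
    return {user: table[d] for user, d in stored.items() if d in table}


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Per-user salt plus a deliberately slow derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_salted(users: dict) -> dict:
    """Salted store: each record keeps its own random 16-byte salt beside the digest."""
    records = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        records[user] = (salt, salted_hash(pw, salt))
    return records


def verify_salted(record: tuple, password: str) -> bool:
    """Login check: re-derive with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(digest, salted_hash(password, salt))


def audit_salted(stored: dict, wordlist: list) -> dict:
    """Same audit against the salted store.

    No shared table is possible: every (user, word) pair costs a full PBKDF2
    run, so the work grows as len(stored) * len(wordlist), not len(wordlist).
    """
    hits = {}
    for user, record in stored.items():
        for word in wordlist:
            if verify_salted(record, word):
                hits[user] = word
                break
    return hits


if __name__ == "__main__":
    weak = store_unsalted(USERS)
    print("unsalted alice == bob:", weak["alice"] == weak["bob"])          # True
    print("unsalted audit hits:", audit_unsalted(weak, COMMON_PASSWORDS))
    strong = store_salted(USERS)
    print("salted alice == bob:", strong["alice"][1] == strong["bob"][1])  # False
    print("salted audit hits:", audit_salted(strong, COMMON_PASSWORDS))
```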
03-19-2015 , 11:08 AM
Quote:
Originally Posted by UKZodiac
Hmmm is it though? I thought I should activate this so took a look and was disappointed to discover that it didn't work as most two factor authentication does..specifically that it doesn't insist on a code for every login or at least the first login from every device when first used after activation. Instead what we get is a vague statement that a code will be sent when unusual activity is detected, with no clarification of what criteria are used.

Maybe it would cover first login from a device or location that we don't normally login from, but maybe it doesn't. Maybe it covers new sources for deposits or withdrawals or maybe it doesn't.

If you are going to do it, do it right. Insist on having the code used for every login, deposit, withdrawal and change of other account data. It will be more robust and give end users more confidence.

3 days ago I asked a couple of questions to their security team, one of the questions I asked was "when will I receive SMS or what kind of unusual activity can trigger this? "

Quote:
Originally Posted by PokerStars Security
In regards to your second question, PokerStars may send you SMS for the following purposes:

* Marketing - Special offers, such as bonuses and freerolls will be available exclusively to those players who have validated their mobile numbers.

* Account Security - If you forget your PokerStars PIN or RSA Security Token, we will send your code to your mobile phone to improve account security. In addition, you can opt in to our 'SMS Validation' feature which prevents real money transactions from taking place when we detect something unusual about your account. We may also inform you when a new device and/or location is used to access your account or if there are changes to your registered information.

PokerStars will store your mobile phone number in accordance with our normal privacy policy. We will not send too many SMS messages and will try to only send them at times which will suit you.

You are always free to opt-out of SMS from PokerStars. All you need to do is to click ‘Account -> 'Phone' and remove your mobile phone number which was previously validated.
03-19-2015 , 11:11 AM
Quote:
Originally Posted by alkaatch
We were trying to find the link between Czech hacked players with no success. No common forum, software, affil, inet provider...some of them were recs playing a couple of tourneys from time to time without any deeper interest in poker, not using any poker related software or forums, not affiliated anywhere etc.
That sucks
03-19-2015 , 11:27 AM
Any idea of how many people are affected in the Czech Rep?
03-19-2015 , 01:30 PM
Quote:
Originally Posted by boredoo
How to lie with statistics.

I find it troubling that you chose to share a median loss, instead of a mean (average as people typically understand it) loss.

Lets imagine 200 people have their accounts hacked.

50 people lose $10
49 people lose $50
1 person loses $57.08
1 person loses $57.10
50 people lose $1000
50 people lose $10000

The median loss is $57.09
The MEAN (ie, arithmetic average) loss is $2765.32

I suspect that the losses skew highly to the right and the mean loss is substantially more than $57.

Can we see a histogram?
Bumping so this point isn't lost. Median is NOT what is traditionally thought of as the average. The total loss is NOT $57.09 * NumberOfHackedAccounts. That would be true if the MEAN loss was posted.

To put it simpler than above, if there were only three hacks:

1 for $10
1 for $57.09
1 for $75000

The median would still be $57.09, but the mean (average) would be $25,022.36. I trust we all can see the difference and can see why Stars using the median (hoping no one would notice, no doubt) is very disingenuous.
03-19-2015 , 01:39 PM
Quote:
Originally Posted by JustASpectator
Bumping so this point isn't lost. Median is NOT what is traditionally thought of as the average. The total loss is NOT $57.09 * NumberOfHackedAccounts. That would be true if the MEAN loss was posted.

To put it simpler than above, if there were only three hacks:

1 for $10
1 for $57.09
1 for $75000

The median would still be $57.09, but the mean (average) would be $25,022.36. I trust we all can see the difference and can see why Stars using the median (hoping no one would notice, no doubt) is very disingenuous.
Both metrics have their place. Median is useful for sets of data with huge outliers. Income inequality, for example. Median income is more useful to look at because extremely wealthy people inflate the average.

So if 19 people lost ~$57.09 and one person lost $10,000, the median would be more relevant and the mean would be misleading. You're just assuming that Josem picked a misleading stat, but we don't know what the data looks like.
03-19-2015 , 01:39 PM
Quote:
Originally Posted by Whitew1d0w
Hi Michael J,
I am wondering if you have looked at these issues from another perspective.
Recently, the OpenSSL Heartbleed bug was identified as you or your security team will surely know of (http://heartbleed.com)
In your terms of service (11.1, https://www.pokerstars.eu/poker/room/tos/), PS states that OpenSSL is indeed used for encrypted connections.

While the Heartbleed bug caused some worries, if PS updated the OpenSSL library on time, PS was never vulnerable (the unlucky thing is it is impossible to check whether you did it on time on your servers).

However, that is not what I'd like to address here.
OpenSSL has stated here (http://marc.info/?l=openssl-announce...3572011212&w=2) that there are several new vulnerabilities with severity classified as 'high' which will be fixed in a patch released today.

With vulnerabilities in the SSL connection, it could be possible to eavesdrop on network level, which would mean nobody's PC got hacked and no passwords were given out.

I think it's your security team's responsibility to find out whether that is a possibility or not. I would even understand if you wouldn't confirm problems like these in public. They simply need to be addressed to be 100% sure that no players in the future will be affected!

Could you please let PS security team look into this?

For the record: I haven't been hacked. I just wanted to share my perspective, maybe it helps. Wondering if I get a response
Unfortunately need to quote myself. This would be the solution if it applies! PW's can not be stolen from stars DB 1way md5 encryption i guess (for people not understanding what I mean: first thing you do as a company, its really easy, is to one-way encrypt all the passwords). Ppl claim they surely have no malware/spyware.

However, a leak on SSL/network level could make sure third parties can eavesdrop on the connection while sending data. The leak would not be @ PS and not @ clientside. However, if PS security is actually looking into this, they will surely not inform 2+2.. Anybody seeing this as a valid option too?
03-19-2015 , 02:02 PM
Quote:
Originally Posted by SrslySirius
Both metrics have their place. Median is useful for sets of data with huge outliers. Income inequality, for example. Median income is more useful to look at because extremely wealthy people inflate the average.

So if 19 people lost ~$57.09 and one person lost $10,000, the median would be more relevant and the mean would be misleading. You're just assuming that Josem picked a misleading stat, but we don't know what the data looks like.
Exactly, the details/graph provided by Josem/Stars are of no use to any of us, and posting it like that actually makes it seem like they think we are stupid.
03-19-2015 , 02:08 PM
To be fair to Michael J, he's personally worthy of a great deal of benefit of the doubt when it comes to the integrity of his posting content. Probably more so than any other poster I can think of off the top of my head, actually. So it's a little unfair for people to be casting doubt on the veracity of the data he's presented, even though he's presented it poorly. This guy understands statistics, and has an absolutely elite reputation.
03-19-2015 , 02:13 PM
Quote:
Originally Posted by LostOstrich
To be fair to Michael J, he's personally worthy of a great deal of benefit of the doubt when it comes to the integrity of his posting content. Probably more so than any other poster I can think of off the top of my head, actually. So it's a little unfair for people to be casting doubt on the veracity of the data he's presented, even though he's presented it poorly. This guy understands statistics, and has an absolutely elite reputation.
I don't think anyone doubts that he only posts the info he is allowed to. Josem is not Pokerstars, we know that.
03-19-2015 , 02:19 PM
Quote:
Originally Posted by LostOstrich
To be fair to Michael J, he's personally worthy of a great deal of benefit of the doubt when it comes to the integrity of his posting content. Probably more so than any other poster I can think of off the top of my head, actually. So it's a little unfair for people to be casting doubt on the veracity of the data he's presented, even though he's presented it poorly. This guy understands statistics, and has an absolutely elite reputation.
I don't know anything about him other than his posts on here. To me, it appeared that one purpose of his post was to downplay the severity of the financial loss to a player if his/her account is compromised. I don't doubt his abilities or his personal integrity, but he's obviously going to do everything he can to protect the company he works for, including posting numbers that aren't entirely meaningful but are better PR than more meaningful numbers.

Given the below options:

1. The mean loss per account compromise is much LESS than the median loss per account compromise.

2. The mean loss per account compromise is about the same as the median loss per account compromise.

3. The mean loss per account compromise is much MORE than the median loss per account compromise.

Which do you think is more likely to be true?


Spoiler:
My net worth is on option 3.
03-19-2015 , 02:20 PM
Quote:
Originally Posted by Jbrochu
It's really disappointing to see Josem post that graph considering that he himself has an excellent grasp of statistical analysis and he knows it doesn't mean **** as presented.
Thinking back to the times when Josem used to be a voice of reason, and on the players' side in these debates...
03-19-2015 , 02:25 PM
You're not going to achieve anything by calling Pokerstars out for being dumb for posting a "dumb graph" guys. The graph shows that there isn't a huge increase in hacks during the last 3 months, that's what he wanted to inform us about with the graph, and it was successful in doing that. I agree the graph has little value without more months to compare with, but it at least confirms that there isn't a major issue going on during the last few months.

I suspect that the graph hasn't been decreasing over the past 12 months which is why they didn't provide more data. It probably also hasn't been increasing significantly over the past 12 months, or they wouldn't have posted that graph. At least that is my read. Obv it still would be nice to see a graph with more data over time, without absolute numbers.

It is perfectly reasonable for them to not share absolute numbers imo.
03-19-2015 , 02:25 PM
Quote:
Originally Posted by JustASpectator
I don't know anything about him other than his posts on here. To me, it appeared that one purpose of his post was to downplay the severity of the financial loss to a player if his/her account is compromised. I don't doubt his abilities or his personal integrity, but he's obviously going to do everything he can to protect the company he works for, including posting numbers that aren't entirely meaningful but are better PR than more meaningful numbers.

Given the below options:

1. The mean loss per account compromise is much LESS than the median loss per account compromise.

2. The mean loss per account compromise is about the same as the median loss per account compromise.

3. The mean loss per account compromise is much MORE than the median loss per account compromise.

Which do you think is more likely to be true?


Spoiler:
My net worth is on option 3.
yeah, I enjoy a good lynch mob as much as the next man, and I've locked horns with Michael myself already, but my point is essentially that I disagree with the bolded so I'll take option 2. My net worth is probably a lot less than yours though, so it may not be a fair bet! :P
03-19-2015 , 02:56 PM
Still haven't seen an explanation as to why Stars doesn't block unexpected log-ins from a different country.
03-19-2015 , 03:11 PM
Quote:
Originally Posted by J.A.M
Is the instant cashout after depositing a new feature or something? I've never been allowed to cash out until after 48 hours have passed from the time I deposited.
Same here.
03-19-2015 , 03:14 PM
He's a professional shill. If he wasn't spinning it a little bit he'd be really bad at his job. The average is clearly going to be higher than the median for what should be obvious reasons.

The irritating part is that he came in and addressed none of the questions that actually needed to be answered.

Last edited by Abbaddabba; 03-19-2015 at 03:20 PM.