PokerTracker.com Hacked to Inject Payment Card Stealing Script

08-26-2019 , 09:01 AM
Sorry if this has already been posted but I did use the search feature and couldn't find it.

As per the article below it looks like Pokertracker.com were using an outdated version of Drupal and were infected with the MageCart malware (recently used on the British Airways website to skim card details along with many others).

https://www.bleepingcomputer.com/new...ealing-script/

I have also googled for 'Pokertracker MageCart' and can find no official response or warning about this. I am a PT user and I don't appear to have received any communication regarding this.

If you've used any type of card to pay for PokerTracker recently you may want to talk to the card issuer.
08-26-2019 , 05:05 PM
On August 8th, we were contacted by a potential customer and by Malwarebytes stating that the PokerTracker.com website had been infected by a cross-site scripting (XSS) attack. Within an hour of receiving the email from Malwarebytes, we had determined that an old Drupal module which is no longer maintained contained a security vulnerability which allowed an attacker to inject an XSS attack into the footer of the PokerTracker.com website. We immediately disabled the module and the rogue script was no longer being injected.

Within 24 hours of the email from Malwarebytes, we took several further security steps which included patching the Drupal module that was vulnerable and tightening up our Content Security Policy to only allow whitelisted scripts to be executed so that the same type of XSS attack would no longer be possible.

In the days since the attack, we have been conducting a post mortem to determine the scope and severity of the attack so that we could contact those customers potentially affected. Here is what we have learned thus far:

  1. This was a highly customized and targeted attack of PokerTracker.com and its customers. The script was being loaded from ajaxclick.[com] which has not previously been seen in the wild.
  2. It appears that the attack took place between December 23, 2018 and January 2, 2019.
  3. We believe that the attackers were attempting to intercept credit card information while it was being sent from the user’s browser to the credit card processor. We do not have any information to confirm or deny whether the hackers were able to successfully intercept credit card and/or billing data.
  4. PokerTracker does not save or store any credit card or billing information on our servers. Only those customers who attempted to purchase via credit card while the rogue script was on the site are affected. We estimate that the number of affected customers is in the low thousands and we are in the process of notifying them.
  5. The PokerTracker 4 application and your data within PokerTracker 4 have never been compromised. PokerTracker 4 does load an internal browser for the community page which would have loaded the rogue script but it is not technically possible for the script to gain access to view your data within the PokerTracker application.
  6. We have no reason to believe that your PokerTracker.com username or password were intercepted; however, to be abundantly cautious we recommend changing your password.

If you entered your credit card information on the PokerTracker.com website between the dates of December 23, 2018 and August 8, 2019 we will be contacting you to urge you to closely monitor your credit card activity for any fraudulent purchases. If you notice a fraudulent charge, please immediately contact the telephone number on the back of your credit card to notify them of the fraudulent activity.

We regret that this incident has occurred and sincerely apologize that it has taken us three weeks to properly assess the scope and severity of the damage to notify potentially affected customers. This is the first time that we have had a major security incident and we have learned a lot during this process that we can improve upon.

Best regards,

Derek Charles
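The Content Security Policy tightening described in the post above, as an added example that is not part of the thread and not PokerTracker's own code: a simplified `script-src` evaluator showing why a scheme-wide policy lets an injected third-party script load while a host allowlist does not. The policies, hostnames and function names are constructed for illustration.

```javascript
// Added example: simplified CSP script-src matching (scheme/host sources, 'self',
// '*', 'unsafe-inline'). Paths, ports and 'strict-dynamic' are not modelled.
function scriptSources(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values.map((v) => v.toLowerCase()));
    }
  }
  // script-src falls back to default-src; undefined means no restriction at all.
  return directives.get('script-src') ?? directives.get('default-src');
}

function externalScriptAllowed(header, scriptUrl, pageOrigin) {
  const sources = scriptSources(header);
  if (sources === undefined) return true;
  const url = new URL(scriptUrl);
  const isWeb = url.protocol === 'http:' || url.protocol === 'https:';
  return sources.some((src) => {
    if (src === "'self'") return url.origin === pageOrigin;
    if (src === '*') return isWeb;
    if (src.startsWith("'")) return false; // other keywords, nonces, hashes
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src; // e.g. https:
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/.exec(src);
    if (!m) return false;
    const [, scheme, host] = m;
    if (scheme ? url.protocol !== `${scheme}:` : !isWeb) return false;
    // "*.a.example" matches subdomains of a.example, not a.example itself.
    return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
  });
}

function inlineScriptAllowed(header) {
  const sources = scriptSources(header);
  if (sources === undefined) return true;
  // Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  return sources.includes("'unsafe-inline'") && !hasNonceOrHash;
}
// Constructed values: the origins, hostnames and both policies are placeholders.
const PAGE = 'https://www.shop.example';
const INJECTED = 'https://cdn.third-party.example/loader.js'; // stands in for the external host
const LOOSE = "default-src 'self'; script-src 'self' https: 'unsafe-inline'";
const TIGHT = "default-src 'self'; script-src 'self' https://js.processor.example";
function audit(policy) {
  return {
    injectedExternal: externalScriptAllowed(policy, INJECTED, PAGE),
    injectedInline: inlineScriptAllowed(policy),
    processorScript: externalScriptAllowed(policy, 'https://js.processor.example/v1.js', PAGE),
  };
}
console.log({ loose: audit(LOOSE), tight: audit(TIGHT) });
```

Under the loose policy both the inline and the externally hosted injected script are permitted; under the allowlist only the site's own origin and the named processor host can supply script.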
08-26-2019 , 08:18 PM
"If you entered your credit card information on the PokerTracker.com website between the dates of December 23, 2018 and August 8, 2019 we will be contacting you to urge you to closely monitor your credit card activity for any fraudulent purchases. If you notice a fraudulent charge, please immediately contact the telephone number on the back of your credit card to notify them of the fraudulent activity."

Not really sure it's the correct business ethics.

Shouldn't you email customers as soon as you got the info?

Is it better to wait 3 weeks to analyze who might be infected and then talking about it (after a forum post and post on bleepingcomp...) than just let everyone know right away?


Looks like you did a terrible job here and it shouldn't be the practice of such a large company.
08-26-2019 , 08:51 PM
Quote:
Originally Posted by TRT Boss
Not really sure it's the correct business ethics.
Doesn't strike me as anything to do with ethics, unless you think they were trying to sweep it under the rug.

Poor practice, maybe. But I also understand not wanting to start a big panic. Not saying it's right (or that it's not), but I understand the dilemma.
08-26-2019 , 09:29 PM
Quote:
Originally Posted by TRT Boss
Shouldn't you email customers as soon as you got the info?

Is it better to wait 3 weeks to analyze who might be infected and then talking about it (after a forum post and post on bleepingcomp...) than just let everyone know right away?
It took us 18 days to properly assess the scope and severity of the hack. We did not officially know the dates that the hack occurred or who was potentially affected until very recently. We admit that this is slightly longer than we would have liked and we can do better. As we stated in our synopsis, this is the first time that we have had a security issue of this kind and we have learned a lot throughout this process.

Quote:
Originally Posted by TRT Boss
Looks like you did a terrible job here and it shouldn't be the practice of such a large company.
We are not a large company by any metric. In fact, we are on the small side of the small business classification.

Terrible may be an overstatement. In my opinion, terrible would be not being transparent and/or sweeping the issue under the rug of which we have done neither. There are definitely areas that we can improve upon and expediting the time to notify customers to faster than 2.5 weeks is certainly an area that we can improve and do better. We have admitted as much.

Best regards,

Derek
08-26-2019 , 10:02 PM
Quote:
Originally Posted by PokerTracker
On August 8th, we were contacted by a potential customer and by Malwarebytes stating that PokerTracker.com website had been infected by a cross-site scripting (XSS) attack.
PSA to any business.

When responding to some sort of customer snafu.... read that post and do what he/she did.


I don't use pokertracker (Murica) and don't have any idea who wrote that/led the response effort, but this is how to respond to such things.

picture perfect. very well done.
08-26-2019 , 11:44 PM
Quote:
Originally Posted by PTLou
PSA to any business.

When responding to some sort of customer snafu.... read that post and do what he/she did.


I don't use pokertracker (Murica) and don't have any idea who wrote that/led the response effort, but this is how to respond to such things.

picture perfect. very well done.
it was signed derek charles so is it not safe to assume he is a he? good response...from both of derek's 2+2 accounts
08-27-2019 , 01:11 AM
Quote:
Originally Posted by TRT Boss
such a large company.
This part was funny. How big do you think PokerTracker is in a declining market where they charge at most $200 for their product?



You have no scope for business or money bro.
08-27-2019 , 06:14 AM
Unfortunately I am affected by this. Any tips other than checking your transactions carefully?
08-27-2019 , 07:00 AM
Quote:
Originally Posted by Stupor
it was signed derek charles so is it not safe to assume he is a he? good response...from both of derek's 2+2 accounts
woops and humorous post.

skipped over that in official response.

George Costanza and PTlou.... Lord of the Idiots.

Well done Mr. Derek Charles. Much skill you have.
08-27-2019 , 08:46 AM
Quote:
Originally Posted by mephisto
Unfortunately I am affected by this. Any tips other than checking your transactions carefully?
First, I am very sorry that you are impacted and inconvenienced by this.

We cannot prove or refute that your card information was intercepted therefore it is best to remain vigilant and be proactive.

Please contact the telephone number on the back of your credit card to contact the issuing bank of the card. Notify them that your card information was potentially breached and they should be able to provide you with options. They may be willing to cancel the card and obtain a replacement card (along with all of the hassles of doing that). It doesn't hurt to call them to learn what your options are.

Best regards,

Derek
08-27-2019 , 08:54 AM
I’m sorry if I missed you say if you have done this or not but have you sent out a mass email to everyone affected ?

Not everyone is reading nvg these days and should be made aware
08-27-2019 , 09:20 AM
Quote:
recently used on the British Airways website to skim card details along with many others
For which they have been fined (subject to appeal) £183 million by the UK ICO.

08-27-2019 , 09:41 AM
Yeah it's really messed up that you didn't notify all customers immediately upon realizing the issue.

This is Nixon all over again.
08-27-2019 , 10:33 AM
Quote:
Originally Posted by Sir Huntington
This part was funny. How big do you think PokerTracker is in a declining market where they charge at most $200 for their product?



You have no scope for business or money bro.

Yeah my answer wasn't detailed. At least I could make you happy because you could use the opportunity to berate me :P I wish I was as smart as you.

I obviously meant in poker, I am almost as big of an idiot as you think but slightly less.

But which company that sells software in POKER are:
1. bigger $ wise
2. have more customers
3. have a better reputation and longer existing?

than hm+pt together?


I just implied if that's the practice with a company this highly ranked in poker community I couldn't even imagine what the practices are with other developers.
08-27-2019 , 10:40 AM
Quote:
Originally Posted by TRT Boss

But which company that sells software in POKER are:
1. bigger $ wise
2. have more customers
3. have a better reputation and longer existing?

than hm+pt together?
.
check mate @sirhuntington no more chess for you.
08-27-2019 , 10:48 AM
^^^ LOL

Quote:
Originally Posted by TRT Boss
Yeah my answer wasn't detailed. At least I could make you happy because you could use the opportunity to berate me :P I wish I was as smart as you.

I obviously meant in poker, I am almost as big of an idiot as you think but slightly less.

But which company that sells software in POKER are:
1. bigger $ wise
2. have more customers
3. have a better reputation and longer existing?

than hm+pt together?


I just implied if that's the practice with a company this highly ranked in poker community I couldn't even imagine what the practices are with other developers.
Rereading it, my post came off kinda dickish at the end. My bad.
08-27-2019 , 11:13 AM
Quote:
Originally Posted by golfbum983
I’m sorry if I missed you say if you have done this or not but have you sent out a mass email to everyone affected ?

Not everyone is reading nvg these days and should be made aware
Yes, all affected customers have been notified via email.

Best regards,

Derek
08-27-2019 , 03:44 PM
Just cancelled the affected credit card and getting a new one in 7-10 business days. No need to check transactions days/months from now. I suggest the rest of the people affected do the same.


08-27-2019 , 09:08 PM
For anyone interested in a more technical write-up
https://blog.malwarebytes.com/threat...ng-poker-face/
08-29-2019 , 07:19 AM
Quote:
Originally Posted by APerfect10
Yes, all affected customers have been notified via email.

Best regards,

Derek

1. when did you send out the emails to those affected??
2. why are you so certain only those were affected? Isn't it better security standard to tell everyone, just in case?
3. why they injected the malicious JS in Pokertracker4 community if they knew they can't get any credit card numbers there?
4. why are you so certain they couldn't look into someone's database / hole cards?
08-29-2019 , 08:16 AM
I purchased a license to PT4 February 13th.
June 3rd I was contacted by my bank that they could see authorisations from a suspicious merchant and that they had blocked my card. They told me I could probably expect fraudulent charges to hit my account shortly.
June 4th my card was hit by three charges of 370 Saudi Arabian riyals from a merchant called "ITUNES.COM/BILL".
I disputed the charges, got my money back and haven't heard any further (i.e. the merchant didn't challenge it).
08-29-2019 , 08:18 AM
Poker tracker... This is absurd you didn't send an email to everyone immediately instead of quietly fixing it. By covering it up you transformed from a victim to a co-conspirator.

You still are not aware of the implications behind your actions based on your tepid and defensive response here.
08-29-2019 , 10:26 AM
Quote:
Originally Posted by TRT Boss
1. when did you send out the emails to those affected??
2. why are you so certain only those were affected? Isn't it better security standard to tell everyone, just in case?
3. why they injected the malicious JS in Pokertracker4 community if they knew they can't get any credit card numbers there?
4. why are you so certain they couldn't look into someone's database / hole cards?
1. Emails were sent out to all potentially affected customers within 24 hours of learning which customers were impacted.

2. We were able to narrow the date of the hack to between December 23, 2018 and January 2, 2019. The site was clean on December 23rd and was infected on January 2nd. Furthermore, we know the exact time that the attack was eliminated from the website on August 8th. Therefore, we emailed everyone that entered credit card information on our site and was potentially impacted from December 23rd (known clean) through August 8th (when the attack was neutralized).

3. It was injected into the footer of the website which is loaded on every page of the website which also includes the PokerTracker community page since that loads the same footer. It is not possible for JavaScript in the community page to access your PokerTracker 4 data.

4. This was a JavaScript attack on the website. It was not an attack on the PokerTracker 4 software. It is literally impossible for this JavaScript on the website to access your PokerTracker 4 data or your poker clients. Furthermore, Malwarebytes security team studied the attack and could precisely see what they were doing -- skimming credit card data.

Best regards,

Derek
08-29-2019 , 12:24 PM
Quote:
Poker tracker... This is absurd you didn't send an email to everyone immediately instead of quietly fixing it. By covering it up you transformed from a victim to a co-conspirator.

You still are not aware of the implications behind your actions based on your tepid and defensive response here.
+1
I got a spam email from you about your problem with PartyPoker banning HHs, but no info on potential CC hack. Don't know if this is sad or funny, but it is not good.
Will probably re-activate my Hand2Note licence instead of continuing with PT4 after this.