Two Plus Two Publishing LLC
Old 08-26-2019, 09:01 AM   #1
unoturbo999
centurion
 
Join Date: Apr 2008
Posts: 146
PokerTracker.com Hacked to Inject Payment Card Stealing Script

Sorry if this has already been posted but I did use the search feature and couldn't find it.

As per the article below it looks like Pokertracker.com were using an outdated version of Drupal and were infected with the MageCart malware (recently used on the British Airways website to skim card details along with many others).

https://www.bleepingcomputer.com/new...ealing-script/

I have also googled for 'Pokertracker MageCart' and can find no official response or warning about this. I am a PT user and I don't appear to have received any communication regarding this.

If you've used any type of card to pay for PokerTracker recently you may want to talk to the card issuer.
unoturbo999 is offline   Reply With Quote
Old 08-26-2019, 05:05 PM   #2
PokerTracker
Carpal 'Tunnel
 
Join Date: Jun 2011
Posts: 6,025
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

On August 8th, we were contacted by a potential customer and by Malwarebytes stating that PokerTracker.com website had been infected by a cross-site scripting (XSS) attack. Within an hour of receiving the email from Malwarebytes, we had determined that an old Drupal module which is no longer maintained contained a security vulnerability which allowed an attacker to inject an XSS attack into the footer of the PokerTracker.com website. We immediately disabled the module and the rogue script was no longer being injected.

Within 24 hours of the email from Malwarebytes, we took several further security steps which included patching the Drupal module that was vulnerable and tightening up our Content Security Policy to only allow whitelisted scripts to be executed so that the same type of XSS attack would no longer be possible.

In the days since the attack, we have been conducting a post mortem to determine the scope and severity of the attack so that we could contact those customers potentially affected. Here is what we have learned thus far:

  1. This was a highly customized and targeted attack of PokerTracker.com and its customers. The script was being loaded from ajaxclick.[com] which has not previously been seen in the wild.
  2. It appears that the attack took place between December 23, 2018 and January 2, 2019.
  3. We believe that the attackers were attempting to intercept credit card information while it was being sent from the user's browser to the credit card processor. We do not have any information to confirm or deny whether the hackers were able to successfully intercept credit card and/or billing data.
  4. PokerTracker does not save or store any credit card or billing information on our servers. Only those customers who attempted to purchase via credit card while the rogue script was on the site are affected. We estimate that the number of affected customers is in the low thousands and we are in the process of notifying them.
  5. The PokerTracker 4 application and your data within PokerTracker 4 has never been compromised. PokerTracker 4 does load an internal browser for the community page which would have loaded the rogue script but it is not technically possible for the script to gain access to view your data within the PokerTracker application.
  6. We have no reason to believe that your PokerTracker.com username or password were intercepted; however, to be abundantly cautious we recommend changing your password.

If you entered your credit card information on the PokerTracker.com website between the dates of December 23, 2018 and August 8, 2019 we will be contacting you to urge you to closely monitor your credit card activity for any fraudulent purchases. If you notice a fraudulent charge, please immediately contact the telephone number on the back of your credit card to notify them of the fraudulent activity.

We regret that this incident has occurred and sincerely apologize that it has taken us three weeks to properly assess the scope and severity of the damage to notify potentially affected customers. This is the first time that we have had a major security incident and we have learned a lot during this process that we can improve upon.

Best regards,

Derek Charles
PokerTracker is offline   Reply With Quote
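
The post above describes tightening the Content Security Policy so that only allowlisted scripts execute. As an added example (not part of the original post and not PokerTracker's actual configuration), this simplified `script-src` evaluator shows how a permissive policy and an allowlist policy treat the same three script URLs. All hostnames and both policy strings are constructed placeholders, and the matcher ignores paths, nonces and hashes.

```javascript
// Simplified CSP script-src check (added example; not a full CSP3 matcher:
// paths, nonces and hashes are not modelled). Hostnames are constructed.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

const DEFAULT_PORT = { 'https:': '443', 'http:': '80' };

function sourceAllows(source, url, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'self'") return url.origin === pageOrigin;
  if (src === '*') return url.protocol in DEFAULT_PORT;
  if (src.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces, hashes
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src; // scheme-source
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/);
  if (!m) return false;
  const [, scheme, host, port] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  const urlPort = url.port || DEFAULT_PORT[url.protocol];
  if (port !== '*' && urlPort !== (port || DEFAULT_PORT[url.protocol])) return false;
  // "*.example" matches subdomains only, never the bare domain.
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return host === url.hostname;
}

function evaluateScripts(policyHeader, pageOrigin, scriptUrls) {
  const policy = parsePolicy(policyHeader);
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  return scriptUrls.map((raw) => {
    const url = new URL(raw);
    const allowed = sources === undefined ||
      sources.some((s) => sourceAllows(s, url, pageOrigin));
    return { url: raw, allowed };
  });
}

// Constructed sample data: a shop page, its payment processor's script,
// and a script injected from an unrelated third-party host.
const PAGE_ORIGIN = 'https://shop.example';
const SCRIPTS = [
  'https://shop.example/js/site.js',
  'https://js.processor.example/v3/checkout.js',
  'https://cdn.injected-host.example/click.js',
];
const LOOSE = "default-src 'self'; script-src * 'unsafe-inline'";
const TIGHT = "default-src 'self'; script-src 'self' https://js.processor.example";

for (const [label, policy] of [['loose', LOOSE], ['tight', TIGHT]]) {
  for (const r of evaluateScripts(policy, PAGE_ORIGIN, SCRIPTS)) {
    console.log(label, r.allowed ? 'ALLOW' : 'BLOCK', r.url);
  }
}
```

Under the loose policy all three scripts load; under the allowlist policy only the site's own script and the processor's script do.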
Old 08-26-2019, 08:18 PM   #3
TRT Boss
centurion
 
Join Date: Nov 2018
Posts: 144
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

"If you entered your credit card information on the PokerTracker.com website between the dates of December 23, 2018 and August 8, 2019 we will be contacting you to urge you to closely monitor your credit card activity for any fraudulent purchases. If you notice a fraudulent charge, please immediately contact the telephone number on the back of your credit card to notify them of the fraudulent activity."

Not really sure it's the correct business ethics.

Shouldn't you email customers as soon as you got the info?

Is it better to wait 3 weeks to analyze who might be infected and then talking about it (after a forum post and post on bleepingcomp...) than just let everyone know right away?


Looks like you did a terrible job here and it shouldn't be the practice of such a large company.
TRT Boss is offline   Reply With Quote
Old 08-26-2019, 08:51 PM   #4
Bobo Fett
2+2 Ad Man
 
Join Date: May 2006
Location: Canada, eh!
Posts: 49,848
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by TRT Boss View Post
Not really sure it's the correct business ethics.
Doesn't strike me as anything to do with ethics, unless you think they were trying to sweep it under the rug.

Poor practice, maybe. But I also understand not wanting to start a big panic. Not saying it's right (or that it's not), but I understand the dilemma.
Bobo Fett is offline   Reply With Quote
Old 08-26-2019, 09:29 PM   #5
APerfect10
old hand
 
Join Date: Jan 2005
Location: Philadelphia, PA
Posts: 1,273
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by TRT Boss View Post
Shouldn't you email customers as soon as you got the info?

Is it better to wait 3 weeks to analyze who might be infected and then talking about it (after a forum post and post on bleepingcomp...) than just let everyone know right away?
It took us 18 days to properly assess the scope and severity of the hack. We did not officially know the dates that the hack occurred or who was potentially affected until very recently. We admit that this is slightly longer than we would have liked and we can do better. As we stated in our synopsis, this is the first time that we have had a security issue of this kind and we have learned a lot throughout this process.

Quote:
Originally Posted by TRT Boss View Post
Looks like you did a terrible job here and it shouldn't be the practice of such a large company.
We are not a large company by any metric. In fact, we are on the small side of the small business classification.

Terrible may be an overstatement. In my opinion, terrible would be not being transparent and/or sweeping the issue under the rug of which we have done neither. There are definitely areas that we can improve upon and expediting the time to notify customers to faster than 2.5 weeks is certainly an area that we can improve and do better. We have admitted as much.

Best regards,

Derek
APerfect10 is offline   Reply With Quote
Old 08-26-2019, 10:02 PM   #6
PTLou
Jellybean
 
Join Date: Nov 2008
Location: Charlotte, NC
Posts: 4,754
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by PokerTracker View Post
On August 8th, we were contacted by a potential customer and by Malwarebytes stating that PokerTracker.com website had been infected by a cross-site scripting (XSS) attack.
PSA to any business.

When responding to some sort of customer snafu.... read that post and do what he/she did.


I don't use pokertracker (Murica) and don't have any idea who wrote that/led the response effort, but this is how to respond to such things.

picture perfect. very well done.
PTLou is offline   Reply With Quote
Old 08-26-2019, 11:44 PM   #7
Stupor
journeyman
 
Join Date: May 2013
Posts: 319
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by PTLou View Post
PSA to any business.

When responding to some sort of customer snafu.... read that post and do what he/she did.


I don't use pokertracker (Murica) and don't have any idea who wrote that/led the response effort, but this is how to respond to such things.

picture perfect. very well done.
it was signed derek charles so is it not safe to assume he is a he? good response...from both of derek's 2+2 accounts
Stupor is offline   Reply With Quote
Old 08-27-2019, 01:11 AM   #8
Sir Huntington
veteran
 
Join Date: May 2009
Posts: 2,187
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by TRT Boss View Post
such a large company.
This part was funny. How big do you think PokerTracker is in a declining market where they charge at most $200 for their product?



You have no scope for business or money bro.
Sir Huntington is offline   Reply With Quote
Old 08-27-2019, 06:14 AM   #9
mephisto
Pooh-Bah
 
Join Date: Feb 2006
Location: Canada
Posts: 5,311
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Unfortunately I am affected by this. Any tips other than checking your transactions carefully?
mephisto is offline   Reply With Quote
Old 08-27-2019, 07:00 AM   #10
PTLou
Jellybean
 
Join Date: Nov 2008
Location: Charlotte, NC
Posts: 4,754
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by Stupor View Post
it was signed derek charles so is it not safe to assume he is a he? good response...from both of derek's 2+2 accounts
woops and humorous post.

skipped over that in official response.

George Kastanza and PTlou.... Lord of the Idiots.

Well done Mr. Derek Charles. Much skill you have.
PTLou is offline   Reply With Quote
Old 08-27-2019, 08:46 AM   #11
APerfect10
old hand
 
Join Date: Jan 2005
Location: Philadelphia, PA
Posts: 1,273
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by mephisto View Post
Unfortunately I am affected by this. Any tips other than checking your transactions carefully?
First, I am very sorry that you are impacted and inconvenienced by this.

We cannot prove or refute that your card information was intercepted therefore it is best to remain vigilant and be proactive.

Please contact the telephone number on the back of your credit card to contact the issuing bank of the card. Notify them that your card information was potentially breached and they should be able to provide you with options. They may be willing to cancel the card and obtain a replacement card (along with all of the hassles of doing that). It doesn't hurt to call them to learn what your options are.

Best regards,

Derek
APerfect10 is offline   Reply With Quote
Old 08-27-2019, 08:54 AM   #12
golfbum983
old hand
 
Join Date: Apr 2013
Posts: 1,384
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

I'm sorry if I missed you say if you have done this or not but have you sent out a mass email to everyone affected?

Not everyone is reading nvg these days and should be made aware
golfbum983 is online now   Reply With Quote
Old 08-27-2019, 09:20 AM   #13
OldManDecaf
journeyman
 
Join Date: Apr 2019
Posts: 263
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
recently used on the British Airways website to skim card details along with many others
For which they have been fined (subject to appeal) £183 million by the UK ICO.

OldManDecaf is offline   Reply With Quote
Old 08-27-2019, 09:41 AM   #14
rickroll
oddly catty
 
Join Date: Aug 2011
Location: serene, serene, puissant, puissant
Posts: 7,082
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Yeah it's really messed up that you didn't notify all customers immediately upon realizing the issue.

This is Nixon all over again.
rickroll is offline   Reply With Quote
Old 08-27-2019, 10:33 AM   #15
TRT Boss
centurion
 
Join Date: Nov 2018
Posts: 144
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by Sir Huntington View Post
This part was funny. How big do you think PokerTracker is in a declining market where they charge at most $200 for their product?



You have no scope for business or money bro.

Yeah my answer wasn't detailed. At least I could make you happy because you could use the opportunity to berate me :P I wish I was as smart as you.

I obviously meant in poker, I am almost as big of an idiot as you think but slightly less.

But which company that sells software in POKER are:
1. bigger $ wise
2. have more customers
3. have a better reputation and longer existing?

than hm+pt together?


I just implied if that's the practice with a company this highly ranked in poker community I couldn't even imagine what the practices are with other developers.
TRT Boss is offline   Reply With Quote
Old 08-27-2019, 10:40 AM   #16
PTLou
Jellybean
 
Join Date: Nov 2008
Location: Charlotte, NC
Posts: 4,754
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by TRT Boss View Post

But which company that sells software in POKER are:
1. bigger $ wise
2. have more customers
3. have a better reputation and longer existing?

than hm+pt together?
.
check mate @sirhuntington no more chess for you.
PTLou is offline   Reply With Quote
Old 08-27-2019, 10:48 AM   #17
Sir Huntington
veteran
 
Join Date: May 2009
Posts: 2,187
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

^^^ LOL

Quote:
Originally Posted by TRT Boss View Post
Yeah my answer wasn't detailed. At least I could make you happy because you could use the opportunity to berate me :P I wish I was as smart as you.

I obviously meant in poker, I am almost as big of an idiot as you think but slightly less.

But which company that sells software in POKER are:
1. bigger $ wise
2. have more customers
3. have a better reputation and longer existing?

than hm+pt together?


I just implied if that's the practice with a company this highly ranked in poker community I couldn't even imagine what the practices are with other developers.
Rereading it, my post came off kinda dickish at the end. My bad.
Sir Huntington is offline   Reply With Quote
Old 08-27-2019, 11:13 AM   #18
APerfect10
old hand
 
Join Date: Jan 2005
Location: Philadelphia, PA
Posts: 1,273
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by golfbum983 View Post
I'm sorry if I missed you say if you have done this or not but have you sent out a mass email to everyone affected?

Not everyone is reading nvg these days and should be made aware
Yes, all affected customers have been notified via email.

Best regards,

Derek
APerfect10 is offline   Reply With Quote
Old 08-27-2019, 03:44 PM   #19
mephisto
Pooh-Bah
 
Join Date: Feb 2006
Location: Canada
Posts: 5,311
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Just cancelled the affected credit card and getting a new one in 7-10 business days. No need to check transactions days/months from now. I suggest the rest of the people affected do the same.


Sent from my iPhone using Tapatalk Pro
mephisto is offline   Reply With Quote
Old 08-27-2019, 09:08 PM   #20
Tilt_Box
newbie
 
Join Date: Dec 2018
Posts: 41
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

For anyone interested in a more technical write-up
https://blog.malwarebytes.com/threat...ng-poker-face/
Tilt_Box is offline   Reply With Quote
Old 08-29-2019, 07:19 AM   #21
TRT Boss
centurion
 
Join Date: Nov 2018
Posts: 144
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by APerfect10 View Post
Yes, all affected customers have been notified via email.

Best regards,

Derek

1. when did you send out the emails to those affected??
2. why are you so certain only those were affected? Isn't it better security standard to tell everyone, just in case?
3. why did they inject the malicious JS in Pokertracker4 community if they knew they can't get any credit card numbers there?
4. why are you so certain they couldn't look into someone's database / hole cards?
TRT Boss is offline   Reply With Quote
Old 08-29-2019, 08:16 AM   #22
kewl_cph
adept
 
Join Date: Jan 2006
Location: Denmark
Posts: 733
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

I purchased a license to PT4 February 13th.
June 3rd I was contacted by my bank that they could see authorisations from a suspicious merchant and that they had blocked my card. They told me I could probably expect fraudulent charges to hit my account shortly.
June 4th my card was hit by three charges of 370 Saudi Arabian riyals from a merchant called "ITUNES.COM/BILL".
I disputed the charges, got my money back and haven't heard any further (i.e. the merchant didn't challenge it).
kewl_cph is offline   Reply With Quote
Old 08-29-2019, 08:18 AM   #23
rickroll
oddly catty
 
Join Date: Aug 2011
Location: serene, serene, puissant, puissant
Posts: 7,082
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Poker tracker... This is absurd you didn't send an email to everyone immediately instead of quietly fixing it. By covering it up you transformed from a victim to a co-conspirator.

You still are not aware of the implications behind your actions based on your tepid and defensive response here.
rickroll is offline   Reply With Quote
Old 08-29-2019, 10:26 AM   #24
APerfect10
old hand
 
Join Date: Jan 2005
Location: Philadelphia, PA
Posts: 1,273
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Originally Posted by TRT Boss View Post
1. when did you send out the emails to those affected??
2. why are you so certain only those were affected? Isn't it better security standard to tell everyone, just in case?
3. why did they inject the malicious JS in Pokertracker4 community if they knew they can't get any credit card numbers there?
4. why are you so certain they couldn't look into someone's database / hole cards?
1. Emails were sent out to all potentially affected customers within 24 hours of learning which customers were impacted.

2. We were able to narrow the date of the hack to between December 23, 2018 and January 2, 2019. The site was clean on December 23rd and was infected on January 2nd. Furthermore, we know the exact time that the attack was eliminated from the website on August 8th. Therefore, we emailed everyone that entered credit card information on our site and was potentially impacted from December 23rd (known clean) through August 8th (when the attack was neutralized).

3. It was injected into the footer of the website which is loaded on every page of the website which also includes the PokerTracker community page since that loads the same footer. It is not possible for JavaScript in the community page to access your PokerTracker 4 data.

4. This was a JavaScript attack on the website. It was not an attack on the PokerTracker 4 software. It is literally impossible for this JavaScript on the website to access your PokerTracker 4 data or your poker clients. Furthermore, Malwarebytes security team studied the attack and could precisely see what they were doing -- skimming credit card data.

Best regards,

Derek
APerfect10 is offline   Reply With Quote
Old 08-29-2019, 12:24 PM   #25
alkaatch
journeyman
 
Join Date: Mar 2014
Location: Pilsen, Czech Republic
Posts: 351
Re: PokerTracker.com Hacked to Inject Payment Card Stealing Script

Quote:
Poker tracker... This is absurd you didn't send an email to everyone immediately instead of quietly fixing it. By covering it up you transformed from a victim to a co-conspirator.

You still are not aware of the implications behind your actions based on your tepid and defensive response here.
+1
I got a spam email from you about your problem with PartyPoker banning HHs, but no info on potential CC hack. Don't know if this is sad or funny, but it is not good.
Will probably re-activate my Hand2Note licence instead of continuing with PT4 after this.
alkaatch is offline   Reply With Quote
All times are GMT -4. The time now is 08:38 AM.