Betfair security issue - Sports Betting - SportsBetting Strategy and Forum

Two Plus Two Forums Sports and Games Sports Betting

Betfair security issue

Post Reply Subscribe

...

01-13-2015 , 07:37 AM

Marcos Sketch

adept

Join Date: Aug 2008 Posts: 882

Sorry if it's not the right place to post, but on Betfair people can reset anyone's passwords by simply knowing their username and date of birth.

https://identitysso.betfair.com/view/recoverpassword

Considering both are often public info, this is a huge security issue imo.

Looks like it's still 1996 for some companies.

Last edited by Marcos Sketch; 01-13-2015 at 07:43 AM.

Quote

01-13-2015 , 08:10 AM

davmcg

veteran

Join Date: Jan 2003 Posts: 2,569

They claim that they now send an email with a link

http://forumserver.twoplustwo.com/28...olved-1496385/

Anyway you should set up 2-step authentication.

Quote

01-13-2015 , 10:14 AM

Marcos Sketch

adept

Join Date: Aug 2008 Posts: 882

Thanks Dav, I couldn't find that topic when I opened this one (Mods, please merge both)

Anyways it seems that they can really be stupid, because they didn't fix it. I was just able to reset my password without having access to my e-mail.

What they do is just send an email informing about what happened - but you don't need to confirm the changes! That isn't even close to fixing the issue.

====
"Hi Marcos,

I’m getting in touch to let you know about a change to your account that was made recently.

Here are the details:

The password for the account xxxxxxxxx was changed at 11:39 on 13/01/2015 (DD/MM/YYYY).

If it wasn’t you who made the change, you’ll need to get in touch with the Helpdesk ASAP via one of the contact us options.

If the change was made by you then don’t worry, you don’t need to do anything else.

If you’ve got any other questions, feel free to get in touch or visit our Help and Learning pages by clicking here.

Thanks
"

Quote

Post Reply Subscribe

...