String of recently hacked accounts, PROTECT SELF ASAP

I recently had my account hacked and $12-13k (my entire online roll) was dumped at hightakes. The security investigation is still underway.

I notice there has been a string of recent attacks with some important similarities:

Some if not all of us were breached by the hacker gaining access to our pokersite-linked email accounts and using those accounts to reset our poker password.
lesson: immediately create a new email address, as secure as possible, and use it ONLY for your pokersite. Ensure this new address has no connection whatsoever to any other account, website, etc INCLUDING LISTING A SECONDARY EMAIL.


Some if not all of us had forum names that matched our poker names or email accounts, or had our SNs outed on the forums.
Lesson: change your account information on poker forums so it definitely gives no information to hackers. Preferably lie your face off, then create a new forum account. Sucks if you have 5000 posts and are well known, but if it might prevent this happening to you, it's worth it.

None of us had the stars RSA token.
Lesson: Get it. Now. Someone or some group IS actively trying to access the accounts of winning players, and that (hopefully) means you.

Many/all of us had decent antivirus/firewall software.
Lesson: this is not enough. The information needed to access our accounts is being found one way or another. Do EVERYTHING you can to plug security leaks. Become paranoid. I'd compare these attacks within the relatively small poker pro community with having a rapist/murderer/arsonist living in your quiet mountain village. And that would make me pretty damned justifiably paranoid.

All of us had more money online than we really needed. I play mostly 100nl and sometimes 200. I had over 60 buyins at the highest stake I play, which is not necessary.
Lesson: Your money is safer in a bank than it is in your poker account, PERIOD.

[oskar]

oh crap... good luck with that.
And thanks for the warning... and you're right... I have much more than is necessary online too. Will cash out asap.

[pokerfan]

Wow,so sad to hear about this story.Did pokerstars give your stolen money back? Personally,I never type password from the keyboard and always use additional security code to log in to my account.Also,I think that you really put too much money in your account on stars. Hope you get your money back ASAP.

[Warpe]

Keeping your SN secret is less important than keeping your e-mail addy under wraps. Remove it from your FTR profile if you have it posted there. Hackers have mined FTR and other forums before for this information.

Time for a bump:
http://www.flopturnriver.com/phpBB2/...55.html#676608

[Jason]

I worry about this. I don't like the fact that my poker account uses my screenname as my login name. A hacker can just sit there and try to guess your password. There should be an option for your LOGIN name to be something different than your screename. I also agree securing your email connected to the account is critical. Unfortunately, the hacker has two avenues to hack to gain access to your account - the site with your username and your email.

[flomo]

that sucks.

sorry for your loss.

[mcatdog]

That sucks. The most important advice in this thread is to get a pokersite only e-mail address and get an RSA token. Anyone who doesn't at least do this is just asking to get hacked.

Having a public screenname has some nice benefits and I don't think it's worth it to hide your names.

[Jason]

Explain how the RSA token works. Does it ever expire?

[daven]

that sucks dude

Explain how the RSA token works. Does it ever expire?

http://en.wikipedia.org/wiki/SecurID
Stars has this, FT don't. I don't know about the other big sites.

Full Tilt have the option of using your e-mail address to log in + adding a 3-card pin to your account login process. Just click "security" in the client.

I'm about to look at the options on party now, cos that site/account feels most vulnerable.

[Miffed22001]

without knowing who has been hacked -

are they all players who are the top winners in games that are followed by pokertableratings ?
Too much advertisement of how much money youre going to have in your account - best argument yet to have that site shut.

Really bad to see this has happened to you - hope you recover from it quickly

[Shifubowa]

I'm about to look at the options on party now, cos that site/account feels most vulnerable.

Coming soon.

[BankItDrew]

are they all players who are the top winners in games that are followed by pokertableratings ?
Too much advertisement of how much money youre going to have in your account - best argument yet to have that site shut.

I couldn't agree more.

It's no ones business but my own unless I wish to disclose the amount of money I have or don't have in any account anywhere.

[jyms]

My Party log in does not match my player ID on the tables. Nobody knows my Party log in name. So combining that with my eamil would be very tough. I also disconnected my email from my personal email as well and have a poker email only with a very intense password.

[bigspenda73]

Seems like it's a lot of 10-20k accounts that get hacked + chipdumped

I read on HSNL on 2p2 about HS players getting their AIMs hacked but it seems their stars accounts never get touched, not really sure if there's a point here, but it's interesting.

[bjsaust]

Yeah, my stars/FT names are bjsaust, really disappointed I cant change them now. No money on them atm though, and I use secure passwords for all my sites (I left a site that wouldn't let me change my own password).

My Party display name and username are the same. I'm still not sure how Jyms got them different, I should look into that. Fortunately only a handful of people know my username there.

Party secure token would be awesome, I'd pay for that for sure.