WARNING - Betfair account hacked / fraud

News, chat and debate about the Betfair betting exchange.
superfrank
Posts: 2762
Joined: Fri Aug 14, 2009 8:28 pm

but if someone has your password then surely they can shift the money back into the main a/c or cancel any bets?
hgodden
Posts: 1759
Joined: Thu Apr 16, 2009 2:13 pm

I think it would be helpful to have a 'closed' forum for things like this where we can discuss security strategies... after all the fraudsters could be what we're saying and work around some suggestions
jimrobo
Posts: 1289
Joined: Wed Mar 25, 2009 12:49 pm

something I stumbled on by accident and I've been doing for a while is this. withdraw all your balance by bank transfer and then deposit it back into your account from your debit card. Now they won't let you withdraw anything apart from back onto your card until that balance has been cleared back onto your card. When that reaches zero repeat the whole process again.

Of course that doesn't stop them putting a huge bet for your entire balance should they get your password
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

Does anyone think that the forum itself might pose a security risk?

Let's say that you're a regular poster here, and it's clear from your posts that you're successful. And let's say that your forum username is the same as your Betfair username.

If a hacker could get access to the server on which the forum is hosted, could they not find out what IP address you're connecting from?

And if they have your username and your IP address, are they not halfway to being able to get into your account?

That's not a rhetorical question, btw - I don't know enough about computer networks to say how useful a tool to hackers someone's IP address is in terms of gaining access to their computer and (say) installing a key logger.

Any thoughts?

Jeff
LeTiss
Posts: 5386
Joined: Fri May 08, 2009 6:04 pm

That's a very good question, Jeff

Do any of the victims have forum usernames that are very similar to BF account names?

I'm obviously not asking for a response, but it's just a question that you should be asking yourself
Euler
Posts: 24806
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

I don't believe this is a major factor.
spreadbetting
Posts: 3140
Joined: Sun Jan 31, 2010 8:06 pm

I doubt the hackers need to go to those lengths or target individual accounts, Jeff. Whatever they're doing now seems to be working fine for them, judging by the amount of accounts getting hacked.

All the stuff I've seen suggests they have the username and password before going in, no unsuccessful logins, just straight in.
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

spreadbetting wrote:Whatever they're doing now seems to be working fine for them, judging by the amount of accounts getting hacked.
But we don't know what it is they're doing, or how much trouble they're putting themselves to. :)

Let's say a hacker has a bunch of IP addresses, relating to particular forum IDs. If they see that a particular person has recently posted about a day where they earned a grand, they might think 'This seems as good a starting place as any'.

And even if that person's forum username is different to their Betfair username, I'd have thought that, once a hacker has access to someone's computer, it wouldn't be too hard to find out what their Betfair username is...

Jeff
to75ne
Posts: 2415
Joined: Wed Apr 22, 2009 5:37 pm

jeff,

is there any evidence that they have accessed anyone's pc?

in my case, i doubt they did but i could not swear on the bible they did not. i believe they are hacking betfair myself, although i have no evidence. betfair would seem to be the common denominator.

my bank accounts, amazon account, paypal accounts etc have never been robbed. i would have thought if they go to the trouble of ripping your betfair id via your ip address, they would also have a crack at my bank etc.
Euler
Posts: 24806
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

to75ne wrote:my bank accounts, amazon account, paypal accounts etc have never been robbed. i would have thought if they go to the trouble of ripping your betfair id via your ip address, they would also have a crack at my bank etc.
My thoughts exactly, Betfair need to rule themselves out of the equation first. They are the only common denominator so there seems to be a problem there.
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

Hi Tony

I don't know what their MO is. I was just putting forward what seemed to me to be a plausible theory. :)

Yes, it's odd that they didn't try hacking into people's Paypal accounts, etc (although maybe they thought that Paypal would take security more seriously than Betfair, who would simply shrug their shoulders and say to the customer 'Sorry, nothing we can do about it! Better luck next time!'). :evil:

But let's say that the breach wasn't caused by them hacking into someone's computer. The logical alternative is that they hacked into Betfair itself. The problem with that theory, however, is that:

A. Presumably Betfair's password file is so well encrypted that even the CIA would struggle to work out your password.

B. Why only target a smattering of accounts, rather than go at as many high-value accounts at once, before word gets out about the breach and people change their passwords?

Jeff
to75ne wrote:jeff,

is there any evidence that they have accessed anyone's pc?
PeterLe
Posts: 3715
Joined: Wed Apr 15, 2009 3:19 pm

How secure is a VPS ?
Thanks
Peter
Euler
Posts: 24806
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

People seem to have forgotten that the entire Betfair database was stolen not so long ago and they didn't even know. Betfair swept that under the carpet and offered virtually no comment on it.

http://www.telegraph.co.uk/finance/news ... theft.html

For all we know the same security flaw still exists. Given such a massive breach you would think Betfair would jump at the chance to tighten security. There is a huge database of customer details out there that the hackers have had a year to work on.
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

As part of my induction in my new job, I did a module on data protection.

I found out that, a while back, a bank (I can't remember which one) was fined about a million pounds because of a non-malicious security breach involving customer data. If I recall, someone downloaded every customer's personal info details to a DVD and took it home, or something along similar lines.

Maybe Betfair need that kind of kick up the ar$e to make them wake up about security!

Jeff
Euler wrote:People seem to have forgotten that the entire Betfair database was stolen not so long ago and they didn't even know. Betfair swept that under the carpet and offered virtually no comment on it.

http://www.telegraph.co.uk/finance/news ... theft.html
spreadbetting
Posts: 3140
Joined: Sun Jan 31, 2010 8:06 pm

Euler wrote:People seem to have forgotten that the entire Betfair database was stolen not so long ago and they didn't even know. Betfair swept that under the carpet and offered virtually no comment on it.

http://www.telegraph.co.uk/finance/news ... theft.html

For all we know the same security flaw still exists. Given such a massive breach you would think Betfair would jump at the chance to tighten security. There is a huge database of customer details out there that the hackers have had a year to work on.

"An "Incident Report to Regulators", dated July 15, 2010, explains that the thieves' haul included "approximately 850,000 unexpired credit card details" – a large number in relation to the company's current 949,000 "active users", or regular gamblers.

"We have taken the prudent view that the criminal has the expertise to decrypt the payment card details," Betfair admitted, though stressed that the "CVV2/CVC security numbers" were not stolen."



As far as I was aware Betfair shouldn't be storing CVV2/CVC numbers anyway????

"Mr Catlett is thought to have been in charge of the security team since just before the breach on March 14, 2010, since when there has been considerable upheaval within the department, with the departure of more than 20 security personnel.

They have included Marcus Pinto, head of application security, Stephen Kapp, an application security specialist, and Fiona Fryer, data protection manager.

The spokesman said that during Mr Catlett's "time with us he has been upgrading the team significantly and bringing in new, highly experienced people, hence the departures".

One Betfair insider said that the departures meant that "almost all the senior security specialists who knew the systems best have now left".