A few days ago I noticed in the security log an IP address from Brazil had tried to get into my betfair account. Then noticed this morning an IP from Indonesia has had a failed login too. I have 2FA setup.
Is this common for the rest of you guys? Should I request a new username from betfair?
Hackers trying my BF account
Had 4 failed logins in total today already, I don't run a VPS.
Edit: If you want to check yourselves go to My account>my details>security settings there is a list of login attempts.
I'd request a new username from Betfair, just to be safe.ps1967 wrote: ↑Mon Oct 29, 2018 4:53 pmA few days ago I noticed in the security log an IP address from Brazil had tried to get into my betfair account. Then noticed this morning an IP from Indonesia has had a failed login too. I have 2FA setup.
Is this common for the rest of you guys? Should I request a new username from betfair?
Three questions, why is it normal to have failed attempts now and then?
Why does a VPS mean you get thousands of failed login attempts per day?
What is a ssh login?
My experience is that it is not normal and your username is compromised.
When it comes to SSH (we are now not talking about betfair), lots of bot nets will look for open ports (22) and try and ssh using default usernames/passwords. Assuming you are using SSH keys for Auth you don’t need to worry.
I have a few failed login attempts at my BF account now and then, but less then ten per year.
Maybe it depends on your username.
If you get constant attempts then I would agree that this is suspicious and you should request a new login name (and also maybe think about why an attacker would know your username).
Other measures are a strong password and / or two factor authentification.
If it is just one attempt every other month then it is probably just someone randomly trying out username / password combinations.
But in this case I agree that the attempts are too frequent for random guessing.
Maybe it depends on your username.
If you get constant attempts then I would agree that this is suspicious and you should request a new login name (and also maybe think about why an attacker would know your username).
Other measures are a strong password and / or two factor authentification.
If it is just one attempt every other month then it is probably just someone randomly trying out username / password combinations.
But in this case I agree that the attempts are too frequent for random guessing.
-
- Posts: 15
- Joined: Sat Jun 18, 2011 2:12 pm
I had my account hacked and a few losing bets made which cleaned it out (only 500 pounds) a couple of months ago. betfair actually refunded the money which was appreciated. the bit i didnt quite understand is what betfair do with the people on the other side of of my losing bets who are obviously in on it. i have kept my username but started using two factor authentication
That's something I'd love to know. It should be easy for them to gather evidence with IP addresses of the hackers and the account information of the account the money was effectively transferred to.mandymoozle wrote: ↑Thu Nov 01, 2018 8:52 amI had my account hacked and a few losing bets made which cleaned it out (only 500 pounds) a couple of months ago. betfair actually refunded the money which was appreciated. the bit i didnt quite understand is what betfair do with the people on the other side of of my losing bets who are obviously in on it. i have kept my username but started using two factor authentication
-
- Posts: 245
- Joined: Fri Sep 10, 2010 7:08 pm
Anyone hacked or tried to be hacked had login via email turned on? I'd imagine that's where most hackers would gain access.
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
It's easy to spoof your IP and fake accounts can be set up using stolen information. It's not easy to catch them, it's why so many people do it.
Surely bank accounts registered with Betfair have to be in the name of the account holder, and usually you can't withdraw money until you've passed the KYC checks?
It's certainly difficult for a genuine user to open an account, deposit funds and withdraw them legitimately!
It's certainly difficult for a genuine user to open an account, deposit funds and withdraw them legitimately!