I don't know what their MO is. I was just putting forward what seemed to me to be a plausible theory.
Yes, it's odd that they didn't try hacking into people's Paypal accounts, etc (although maybe they thought that Paypal would take security more seriously than Betfair, who would simply shrug their shoulders and say to the customer 'Sorry, nothing we can do about it! Better luck next time!').
But let's say that the breach wasn't caused by them hacking into someone's computer. The logical alternative is that they hacked into Betfair itself. The problem with that theory, however, is that:
A. Presumably Betfair's password file is so well encrypted that even the CIA would struggle to work out your password.
B. Why only target a smattering of accounts, rather than go at as many high-value accounts at once, before word gets out about the breach and people change their passwords?
is there any evidence that they have accessed anyone,s pc?