WARNING - Betfair account hacked / fraud

News, chat and debate about the Betfair betting exchange.
Post Reply
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

Hi Tony

I don't know what their MO is. I was just putting forward what seemed to me to be a plausible theory. :)

Yes, it's odd that they didn't try hacking into people's Paypal accounts, etc (although maybe they thought that Paypal would take security more seriously than Betfair, who would simply shrug their shoulders and say to the customer 'Sorry, nothing we can do about it! Better luck next time!'). :evil:

But let's say that the breach wasn't caused by them hacking into someone's computer. The logical alternative is that they hacked into Betfair itself. The problem with that theory, however, is that:

A. Presumably Betfair's password file is so well encrypted that even the CIA would struggle to work out your password.

B. Why only target a smattering of accounts, rather than go at as many high-value accounts at once, before word gets out about the breach and people change their passwords?

Jeff
to75ne wrote:jeff,

is there any evidence that they have accessed anyone,s pc?
PeterLe
Posts: 3602
Joined: Wed Apr 15, 2009 3:19 pm

How secure is a VPS ?
Thanks
Peter
User avatar
Euler
Posts: 21018
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ
Contact:

People seem to have forgotten that the entire Betfair database was stolen not so long ago and they didn't even know. Betfair swept that under the carpet and offered virtually no comment on it.

http://www.telegraph.co.uk/finance/news ... theft.html

For all we know the same security flaw still exists. Given such a massive breech you would think Betfair would jump at the chance to tighten security. There is a huge database of customer details out there that the hackers have had a year to work on.
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

As part of my induction in my new job, I did a module on data protection.

I found out that, a while back, a bank (I can't remember which one) was fined about a million pounds because of a non-malicious security breach involving customer data. If I recall, someone downloaded every customer's personal info details to a DVD and took it home, or something along similar lines.

Maybe Betfair need that kind of kick up of ar$e to make them wake up about security!

Jeff
Euler wrote:People seem to have forgotten that the entire Betfair database was stolen not so long ago and they didn't even know. Betfair swept that under the carpet and offered virtually no comment on it.

http://www.telegraph.co.uk/finance/news ... theft.html
spreadbetting
Posts: 3140
Joined: Sun Jan 31, 2010 8:06 pm

Euler wrote:People seem to have forgotten that the entire Betfair database was stolen not so long ago and they didn't even know. Betfair swept that under the carpet and offered virtually no comment on it.

http://www.telegraph.co.uk/finance/news ... theft.html

For all we know the same security flaw still exists. Given such a massive breech you would think Betfair would jump at the chance to tighten security. There is a huge database of customer details out there that the hackers have had a year to work on.

"An "Incident Report to Regulators", dated July 15, 2010, explains that the thieves' haul included "approximately 850,000 unexpired credit card details" – a large number in relation to the company's current 949,000 "active users", or regular gamblers.

"We have taken the prudent view that the criminal has the expertise to decrypt the payment card details," Betfair admitted, though stressed that the "CVV2/CVC security numbers" were not stolen. "



As far as I was aware Betfair shouldn't be storing CVV2/CVC numbers anyway????

"Mr Catlett is thought to have been in charge of the security team since just before the breach on March 14, 2010, since when there has been considerable upheaval within the department, with the departure of more than 20 security personnel.

They have included Marcus Pinto, head of application security, Stephen Kapp, an application security specialist, and Fiona Fryer, data protection manager.

The spokesman said that during Mr Catlett's "time with us he has been upgrading the team significantly and bringing in new, highly experienced people, hence the departures".

One Betfair insider said that the departures meant that "almost all the senior security specialists who knew the systems best have now left".
User avatar
superfrank
Posts: 2762
Joined: Fri Aug 14, 2009 8:28 pm

a woman in charge of data protection... most of them can't stop losing their handbags!!
User avatar
LeTiss
Posts: 5058
Joined: Fri May 08, 2009 6:04 pm

PeterLe wrote:How secure is a VPS ?
Thanks
Peter
I've often thought that Peter.
You wonder whether there's an open window for hackers to capture information
chuck536
Posts: 205
Joined: Fri Aug 20, 2010 4:41 pm

maybe betfair should offer an option to send out those random log in generators.... like you get from the bank.... they'd love this if they could offer to sell them and make even more money off their customers... im a tight arse but id buy one for sure just to make sure my account wasnt emptied
Alpha322
Posts: 820
Joined: Fri Oct 30, 2009 4:45 pm

jimrobo wrote:this is very disconcerting. Especially as it happened to Sam. All of a sudden it got real.

I am definately dropping my balance down after cheltenham
I done that today and i make weekly withdrawals when they are healthy
Alpha322
Posts: 820
Joined: Fri Oct 30, 2009 4:45 pm

Ferru123 wrote:Does anything think that the forum itself might pose a security risk?

Let's say that you're a regular poster here, and it's clear from your posts that you're successful. And let's say that your forum username is the same as your Betfair username.


Jeff
Now that would be a very very dumb trader :lol:
Post Reply

Return to “Betfair exchange”