URGENT - CHECK YOUR ACCOUNTS - MINE HACKED AGAIN LAST NIGHT

[to75ne]

Thanks
Galilee66

Put your password in wrong several times and your account will immediately be locked and unacceptable.

Ring betfair on 0344 871 0000 to unlock when you want to use it again[/quote]

H,
how do betfair explain how or why your password was reset, enabling these thiefs to attempt to steal your money?

your password was disabled at the time (you disabled lasst time you closed it down), whats their excuse for your account being enabled?

i am concerned (obviously) and curious

tony

[hgodden]

to75ne

Maybe I didn't explain it clearly... my account was open at the time (I had forgotten to lock it for once )

[to75ne]

to75ne

Maybe I didn't explain it clearly... my account was open at the time (I had forgotten to lock it for once )

yeah yer did - its me - did not read properly plus being stupid does not help

hope all is now ok

[Galilee66]

Thanks Hgodden
Hope you don't have any more problems.
Galilee66

[JollyGreen]

I had the same problem but they didn't get into my account(s).

My passwords are generated using a password manager, they are long and use every combination of letter, number and special character. Thankfully that was enough to prevent access. The first I knew of it was the e-mail saying I had asked for my password to be reset. I knew I hadn't done that and I have heard that an online account can be vulnerable when a reset procedure is in operation.

I didn't click the link, I just changed the password manually and added Google authentication.

[hgodden]

Thanks guys

JollyG - when did this happen to you? Recently? My password was also extremely complicated and I always enter it in a very jumble up fashion, so it's clear to me that they got it from somewhere. My betfair account is the only thing that seems to be compromised, so I can only think that the leak is most likely to have happened there.

[JollyGreen]

Thanks guys

JollyG - when did this happen to you? Recently? My password was also extremely complicated and I always enter it in a very jumble up fashion, so it's clear to me that they got it from somewhere. My betfair account is the only thing that seems to be compromised, so I can only think that the leak is most likely to have happened there.

Yes, it happened on Thursday. I do not type in the password because Key-loggers can catch it. It is entered using an encrypted password manager with local encryption. I use Lastpass and a Yubikey verification USB drive and now I have also added Google authentication.

[hgodden]

Thanks guys

JollyG - when did this happen to you? Recently? My password was also extremely complicated and I always enter it in a very jumble up fashion, so it's clear to me that they got it from somewhere. My betfair account is the only thing that seems to be compromised, so I can only think that the leak is most likely to have happened there.

Yes, it happened on Thursday. I do not type in the password because Key-loggers can catch it. It is entered using an encrypted password manager with local encryption. I use Lastpass and a Yubikey verification USB drive and now I have also added Google authentication.

Wow that is a coincidence Have you detected any attempted break ins of other sites etc, or just betfair?

Thanks for the links to those encryption services, I'll look into them for sure

[JollyGreen]

Wow that is a coincidence Have you detected any attempted break ins of other sites etc, or just betfair?

Thanks for the links to those encryption services, I'll look into them for sure

Just Betfair, that is where they assume the money will be.

[JollyGreen]

I just wanted to add I had no idea other users had been hacked. I have been all over the place this past week with illness so had done very little in the markets. That was why I picked up on the hack, there was a "reset password request" e-mail so I immediately smelled a rat.

When I chatted with Peter about it he said "have you seen the forum" and by sheer coincidence I was reading the post.

It is very worrying that these people are out there with serious knowledge and are trying hard to hack our accounts. I strongly urge every user to add Google authentication and consider a password generator and manager like Lastpass - the latter is free and you only pay if you want it on your smartphone.

[Rinoa]

Maybe Betfair clients are targetted because accessing accounts is easier.

When I log in to internet banking they ask for say, the 3rd, 5th and 9th character of my password, which they offer on drop down lists where the correct character is just clicked. So key stroke copying is not possible.

Also curious is that on a relatively small forum 2 members have been targetted who have substantially more in their account than the average punter.

[Zapata]

Sorry to hear of your hassles HG.

Not sure how relevant this but some weird things have been going on lately and I believe it may have been an attempt to get my BF username and password.

I will list them in order rather than try to be eloquent.

Received email in my junk telling me PayPal had received funds for me.

Did not press any links but got info from the email text and carried out a search in google for 'bankers-exposed'

Via google opened the link and it was one of those places that did not want to close

Shut down browser using Task Manager and restarted PC

After checking PayPal (no extra funds) I forgot about it.

Over next few days occasionally noticed links giving errors - not enough to cause alarm

Went to open Betfair site using chrome and the screen had changed from the black/yellow with a different style and my username needed entering (which I did). At the password entry the text was visible and not hidden - this was where alarm bells went off, so went no further.

Tried in IE instead of chrome (which I always use) and all was normal.

Was this an attempt to get my details? I have not got a clue???

Removed all chrome cookies and carried out a system clean up using WinZip.

Everything is now back to normal, no errors opening links and normal Betfair black/yellow screen with hidden password while typing.

Changed password.

Just had another email reminding me about the money received in PayPal - Deleted it.

[hgodden]

JollyG - Sorry to hear you've had a rough week. That's useful info for sure. Everything at my end is going to be like Fort Knox from now on, no way this is happening again

Rinoa - I really don't think it's got anything to do with this forum, the last time there were a spate of hacks into people's accounts many users of other software were also 'victims' (I hesitate to use that word) and not just betangel users

Zapata - That doesn't sound anything like my experience, but there are so many different ways cyber criminals try to get in that one gets the impression that the authorities are almost helpless against it all at time.

Neteller say they are investigating to try to identify and locate the individual responsible, I don't think it would be wise to write here what Betfair are doing about it

[andyfuller]

consider a password generator and manager like Lastpass - the latter is free and you only pay if you want it on your smartphone.

Never really looked at using these password generators. Can anyone explain a little how they work? Also what happens if they get your password generator password or if the company providing the password generating service is hacked?

[JollyGreen]

consider a password generator and manager like Lastpass - the latter is free and you only pay if you want it on your smartphone.

Never really looked at using these password generators. Can anyone explain a little how they work? Also what happens if they get your password generator password or if the company providing the password generating service is hacked?

The only way someone could get your master password is for them to get hold of your Laptop/PC and then try to hack the password. The supplying company has no access to your master password, all encryption is performed locally hence the hacker needed direct access to your machine.

If you add in a Yubikey, they need to have your machine, your Yubikey and then they also have to hack your master password.