Multiple unsuccessful attempts to hack into my Betfair account this morning. All with IPs from various different cities in the UK so perhaps someone from abroad using a VPN?
I only found out because I checked my past logins screen after Betfair forced a password change when I logged in just now.
I have two factor authentication turned on and it doesn't say whether they failed at password or 2FA level.
Betfair account hacking attempt
Login with an incorrect password and then with correct password, incorrect code. Check which ones get logged.jamesedwards wrote: ↑Sat Oct 14, 2023 12:44 pmMultiple unsuccessful attempts to hack into my Betfair account this morning. All with IPs from various different cities in the UK so perhaps someone from abroad using a VPN?
I only found out because I checked my past logins screen after Betfair asked me to change my password.
I have two factor authentication turned on and it doesn't say whether they failed at password or 2FA level.
Thanks for the heads up, and glad to hear they were unsuccessful.
It would be better if BF could confirm if they failed at password or 2FA
Although you'll be changing your password anyway it's certainly worth knowing how much information they had
It would be better if BF could confirm if they failed at password or 2FA
Although you'll be changing your password anyway it's certainly worth knowing how much information they had
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
Good idea Derek. I've just tried logging in with correct password but incorrect 2FA and it doesn't show up as a login attempt, failed or otherwise. So it seems they only had my username, and not password.
I know it's irrational, but I'm loath to contact Betfair about it, just in case they put some sort of security hold on my account.
I know it's irrational, but I'm loath to contact Betfair about it, just in case they put some sort of security hold on my account.
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
Further to the above for info;
> A failed login due to incorrect password will be logged on your 'security settings' page in Betfair, but will NOT produce an email alert.
> A failed login with correct password but failed 2FA attempt will NOT be logged on your 'security settings' page, but will produce an email alert.
> A change of password will produce an email alert.
> A failed login due to incorrect password will be logged on your 'security settings' page in Betfair, but will NOT produce an email alert.
> A failed login with correct password but failed 2FA attempt will NOT be logged on your 'security settings' page, but will produce an email alert.
> A change of password will produce an email alert.
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
IF (balance you might lose to a hacker * the risk of that %) > (the income you might lose if you're out of action * that risk %). THEN do ELSE don't.jamesedwards wrote: ↑Sat Oct 14, 2023 1:18 pmI know it's irrational, but I'm loath to contact Betfair about it, just in case they put some sort of security hold on my account.
Or something like that
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
I love people who think like this.ShaunWhite wrote: ↑Sat Oct 14, 2023 2:08 pmIF (balance you might lose to a hacker * the risk of that %) > (the income you might lose if you're out of action * that risk %). THEN do ELSE don't.jamesedwards wrote: ↑Sat Oct 14, 2023 1:18 pmI know it's irrational, but I'm loath to contact Betfair about it, just in case they put some sort of security hold on my account.
Or something like that
The Mrs just looks at me blankly, when I try to explain that the cat is going through a cost-benefit analysis equation in his head when deciding whether or not to get up for a thrown treat. One treat is not worth it, but throw another and it tips the balance in favour of getting up off his arse.
ShaunWhite wrote: ↑Sat Oct 14, 2023 2:08 pmIF (balance you might lose to a hacker * the risk of that %) > (the income you might lose if you're out of action * that risk %). THEN do ELSE don't.jamesedwards wrote: ↑Sat Oct 14, 2023 1:18 pmI know it's irrational, but I'm loath to contact Betfair about it, just in case they put some sort of security hold on my account.
Or something like that
Thanks for that. I was gonna test it myself but I'll just note that information.jamesedwards wrote: ↑Sat Oct 14, 2023 2:03 pmFurther to the above for info;
> A failed login due to incorrect password will be logged on your 'security settings' page in Betfair, but will NOT produce an email alert.
> A failed login with correct password but failed 2FA attempt will NOT be logged on your 'security settings' page, but will produce an email alert.
> A change of password will produce an email alert.
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
After your drama I worry if I click on the account security page by accident let alone try anything shady I certainly hope they notice I hit 'Back' in about 0.1secs if I accidentally click on one of the 'I'm an addict' links
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
They were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.
Derek, what painful process did you have to go through to change your username?
Derek, what painful process did you have to go through to change your username?
- ilovepizza82
- Posts: 502
- Joined: Thu Nov 02, 2017 3:41 pm
- Location: Sewers
- Contact:
If it was attack from different UK locations then I doubt vpn or vps was used.jamesedwards wrote: ↑Sat Oct 14, 2023 12:44 pmMultiple unsuccessful attempts to hack into my Betfair account this morning. All with IPs from various different cities in the UK so perhaps someone from abroad using a VPN?
I only found out because I checked my past logins screen after Betfair forced a password change when I logged in just now.
I have two factor authentication turned on and it doesn't say whether they failed at password or 2FA level.
I tried most of them services and usually its only 2 cities but most of the time its just London and thats it.
Most likely it was distributed brute force attack.
It happens all the time. Attacks on my account usually are from legit locations like:
Brazil, Asia, Russia, UAE and that kind of countries
And i know these are not VPNs because i checked those addresses multiple times and they are legit internet providers, not data centers.
EDIT: You cant change your username.
I tried to do that as well and betfair customer service was not very helpful...basically they say you cant change it. Have a nice day
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
? I've never had one.
Are these accounts ones with an email address as the username or older ones with a more randomly selected name?
I had the same problem last month. In my case, the problem was solved after I`d changed my email. It seems that when they enter your email as your username, it shows as an unsuccessful login attempt even when your username is not your email. So, I would suggest registering a unique email that is not used anywhere else.jamesedwards wrote: ↑Sun Oct 15, 2023 9:33 amThey were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.
Derek, what painful process did you have to go through to change your username?