Went to bed last night, had $650 left in my account. Got up this morning, tried to sign in for a multi table tourney, and saw I had $1.73 in my account.

Gulp.

Party is checking into it. I am promised a call back within two hours.

The initial investigation has shown:

1) They confirmed my logout at 3:00 am eastern time.
2) Two more log-ins occurred, within the next hour, from an ISP other than those I have used. In fact, this ISP has never been used to access Party before by anyone prior to this morning.

This is unsettling. I wonder how it will end. Anyone have a similar incident?

should be easy to see where it went, they probably dumped it to another player

Yes, fast action may save the bankroll. They can trace the dumping and prevent cashouts. Of course the theif likely lost money to many innocent people as well.

Questions for everyone:
Does anyone else use your computer?
How often do you change your password?
Have you been infected by a keystroke virus lately?
Have you played Party on someone elses computer recently?

Have you been infected by a keystroke virus lately?

yes to this, no to rest

I always wonder if some of those maniacs are sometimes pissed off ex girlfriends that know the ex boyfriends user name and password.

NM

DVO,

Sorry to hear this. I hope everything works out for you. Your post brings up something that's been bothering me about how most sites handle user accounts. I really hate that PP, Empire, Stars and most other sites use a players user ID as the user's screen name. So anybody you've ever played agains already has half of what they need to gain access to your account.

The only site I've found that does it (security) right is Absolute Poker. On Absolute your screen name and your user ID are separate. I wish all on-line poker sites would adopt this practice.

Please keep us informed on how this turns out for you.

Good Luck,

Bubbagump

I thought you could change your sceen name on PP.

Did you get an e-mail lately that your password was sent at your request? (when you never requested that?).That was something I have received myself few month ago.

JAque

One more question. What was the cash out option ? I am assuming that the only option for the thief to get a hold of the cash is by using a certified check which can easily be stopped. All other electronics options will required passwords and user names (unless he used a keystroke virus type program)

that just plain old sucks. hope everything works out ok for you. from experience, you have a snowballs chance in hell of party calling you back within 2 hours. it will be extremely irritating but you must keep on top of them and keep a record of whom you speak to there, in order to get back in touch with them. when you get the typical runaround, assert yourself and ask to speak to the shift manager, and so on and so forth. this has been my experience and i hope not yours....but just in case. it would have saved me additional headache if i had kept track of my contacts there with similiar issues.

good luck

morg.

yes... but only every 6 months or so

Yes you can change your screen name on Party every 6 months, BUT they have also changed it so you can log in to your account via using either your account name OR your screen name.

Well, Party did not call back in the two hours promised, so I called.

Here is what I found out.

They tracked the $$ to some Los Angeles ISP account NOT connected to any other PP player. This A hole proceeded to burn up my money at a $215 single table SNG and small cash NL game. Party says: Sorry, this is not inconsistent with your play, we have no evidence this is not you who did this.

Never mind that:

1) I Have never played a $215 SNG ( I have played $100 SNG's maybe 3 times; the rest $30 and $50 SNG's)

2) I have never played micro cash NL tables

3) I have never accessed my account from the ISP in L.A. ( I am in Long Beach)

I have reached one possible answer to this.

My password is my son's name. There are about 3 people in this world who 1) know my PP handle; 2) know my son's name.
I trust all three of these people. However, one of those three people has friends who have watched me play/played against me/exchanged table chat etc. etc. Could they somehow have overheard my son's name from my friend and made the connection?

It's baffling and angers me.

Any advice?

And Party Poker comes through with outstanding customer service once again.

Not to make you feel bad after you lost $$$, but your post reveals a very important lesson regarding passwords that we should all remember...DON'T USE EASY-TO-GUESS PERSONAL INFO FOR A PASSWORD!!! I hope you changed yours immediately.

[ QUOTE ]
My password is my son's name.

Any advice?

[/ QUOTE ]

Using ANY dictionary word as your password is asking for trouble. It's very likely to be someone with a password cracking program and not someone you know. Basically a password cracking program runs through an entire dictionary of common words, names, phrases, etc) in an attempt to access your account.

The best type of password is something like ?O"4+=DuA a RANDOM mix of upper and lower case letters, numbers, and other symbols (symbols are sometimes not allowed by the site, but at a minimium mix the case and add numbers). This sort of password will prevent all but the most determined hackers from getting into your account. Someone would have to do a brute force search on your password (literally try every single possible combination) which can take days/weeks/months/years depending on the length of your password and the technology they are using.

I personally use atory password generator (http://www.atory.com/?a=2&id=6) for generating strings of random text.

and

Password Safe (https://sourceforge.net/projects/passwordsafe/) for password storage and encryption on my local machine.

Both of these are free. I'm sorry to hear about your loss but if you take the proper steps it is (very) unlikely to ever happen again.

Peace,
J

yes, lesson learned. thanks.

one more question. PP is sending me the ISP of the thief. Will that allow me to track him / her down in any way?

[ QUOTE ]
Will that allow me to track him / her down in any way?

[/ QUOTE ]

It would probably require the cooperation of his ISP which is unlikely. /images/graemlins/frown.gif (Never hurts to try though, certainly.)

I trust all three of these people.

i would re-examine this. i would also think that if the circle of people that know your password is so tight, then you should be able to figure it out.

personal and property crimes against people are, 80% of the time, done by friends and family. you already have a short list. your answer is there imo.

I would get the hand histories from last night. I don't know what good it would do, but would be interested to see if this scumbag dumped a lot of chips to one person.
This situation makes me reconsider my annoyance with the crypto sites and their PIN numbers.

File a computer crime report and include the IP Address - the local police will be able to get a subpeona to trace down the IP Address - You should also ask Party for any identifying information on the computer such as the computer name, workgroup name, and other identifying marks they track (believe me there are plenty). Being it is your account there is no reason they shouldnt release this.

Most likely that ISP also tracks such information if not and even though the IP is Dynamic they can probably trace it to a maximum of 10 -20 people who could of been using that IP at the time, sometimes 1 right away with a good techy.

You then use the computer information provided by party to provide this was the person. You file criminal charges and take them to snall claims court - VOILA!

On a side note, it is rare but if the dial up IP is static (much more common on regular dial up ISP's) they will be able to tell the user who did this with the snap of a finger - LITERALLY!

<-- Knows a litle bit about IT

A U.S. small claims court probably does not have jurisdiction over fraud being conducted at offshore internet poker sites.

His foot might have jurisdiction over someone's ass, though.

I'm sorry that happened to you, hopefully partypoker can get your money back. I had a similiar incident, I used the same password for many of my accounts. Someone figured out my password and closed me out of my email and placed bids on ebay under my name. It was the biggest pain in the ass to get it straightened out, I would not want that to happen to anyone else. JasonHoldEm is right, make sure passwords for you accounts (email, ebay, poker, bank, etc.) have different, complex passwords with both upper and lower case letters.

DL

Given it was a computer crime that occured in the U.S. on his computer located in the U.S. and he stole money from software using it in the U.S. - I am pretty sure he would have a sure fire win. Worst case scenario he will be nailed with criminal charges, and that is the best case scenario for this guy. As unless he spoofed his IP then he is doomed, and if they can tell he was using a DIALUP connection I would put the odds at 1,000,000 to 1 he was not spoofing his IP. Even if he thought he ws he pry had it spoofed through his browser not any windows wun applications.

This guy is screwed if you really want to go after him, GL !

F that. I'd go nuts on Party Poker til I got my money back. Don't let them give you a BS answer like they did. If the play really wasn't typical like you said, I think you need to talk to someone higher up at Party and get it looked at more.

DVO, you should probably figure out how the person got access to your Party password before you ever play internet poker or do any other form of internet transaction.

There is a good chance that someone may have installed a keylogger. To check for these, download Bazooka spyware scanner or Pest Patrol (both at Download.com) and it should give you an idea of how infected your PC is with sypware.

No matter how complicated your passwords are, if someone can read everything you type on your computer, they will be able to hack into your account again.

[ QUOTE ]
DVO,

Sorry to hear this. I hope everything works out for you. Your post brings up something that's been bothering me about how most sites handle user accounts. I really hate that PP, Empire, Stars and most other sites use a players user ID as the user's screen name. So anybody you've ever played agains already has half of what they need to gain access to your account.

The only site I've found that does it (security) right is Absolute Poker. On Absolute your screen name and your user ID are separate. I wish all on-line poker sites would adopt this practice.

Please keep us informed on how this turns out for you.

Good Luck,

Bubbagump

[/ QUOTE ]

I never thought about that, but its a very good point.

[ QUOTE ]
F that. I'd go nuts on Party Poker til I got my money back. Don't let them give you a BS answer like they did. If the play really wasn't typical like you said, I think you need to talk to someone higher up at Party and get it looked at more.

[/ QUOTE ]

I agree completely. I can't believe theres not more outrage at PP here.

I think it is because there is nothing they can really do. It isn't their fault his PW got stolen. If the person just took the money and then tried to dump it or cash it out and party did nothing that'd be different, unfortunantly the guy just went on a joyride.

I can't believe someone would blame party at all. You tell you password to anyone and you're just asking for it. How was this party's fault at all? As stated earlier you can change your screen name so it's different from you account name.

[ QUOTE ]
think it is because there is nothing they can really do. It isn't their fault his PW got stolen. If the person just took the money and then tried to dump it or cash it out and party did nothing that'd be different, unfortunantly the guy just went on a joyride.

[/ QUOTE ]

Listen you stupid turd, they could prevent different ISP's from logging onto a single account. Neteller does this very thing.

No they don't. I've logged into neteller from about 20 different ISP's by now. And that would suck big time if you could only play from ISP. It would appear that is is you who is the stupid the turd.

[ QUOTE ]
No they don't. I've logged into neteller from about 20 different ISP's by now. And that would suck big time if you could only play from ISP. It would appear that is is you who is the stupid the turd.

[/ QUOTE ]

I think you are confusing an IP address with an ISP(Internet Service Provider.. IE AOL, COMCAST, EARTHLINK)

And yes Neteller does prevent you from logging in from multiple internet service providers (ISP'S).

You're right I meant both. And yes I've logged on from many different ISP's and IP's and have had no problems doing so.

[ QUOTE ]
I can't believe theres not more outrage at PP here.

[/ QUOTE ]
I would certainly ask them how many times someone can try a password before access is blocked. If someone can just hack at passwords indefinitely, that is a big problem.

DVO, when you write about Party confirming that your account was logged into from a different "ISP", do you mean "IP address"?? those are 2 very different things...

I don't think this is really Party's fault.

And I am doubting that this is an instance of key-logging.

I know LA is a big area....but it seems more likely that somehow your password info escaped to someone you know or someone who knows someone you know.

The people who come by your table to chat and say hi via some friend of yours sure seems like a good place to begin your investigation.

I don't know how old your son is....but if he is 12 y.o. or older I might consider starting with him and his friends. Especially if he has any friends in L.A.




Additionally - I don't believe any local authorities would really have jurisdiction here.
Contacting them may not be the smartest idea anyway since the legality of online-poker is still in a grey area anyway.

"Hello, Police?? Someone hacked into my semi-legal off-shore internet-gambling account because I made my password too easy to figure out. I need help tracking down the culprit. Even though I can't legally sue them I would still like to find them so I can break their knee-caps. Any assistance ou can provide will be appreciated."

[ QUOTE ]
The only site I've found that does it (security) right is Absolute Poker. On Absolute your screen name and your user ID are separate.

[/ QUOTE ]


Other sites I know of that do it the 'right' way are all tied with in sportsbooks (meaning you have an acct# and THEN choose a handle for the poker-room).
These include Intertops, WilliamHill and Bodog.

As far as I know, you cannot log onto the site via your poker-handle. It has to be your account name or #.

I believe they said IP address, but I will know tomorrow when I get into the office and check my e mail.

Thanks all for the responses. There is some good news: I had just cashed out $3,000 prior to this event. The check's in the mail. Otherwise this could have been a total disaster.

Typical idiotic gabyyyy reply, giving it's opinion on things it is completely ignorant of.

Neteller does no such thing. I can log on to my Neteller account from my regular home account, my work account (different ISP!), and my back-up dial-up account (gasp! yet another different ISP).

[ QUOTE ]
F that. I'd go nuts on Party Poker til I got my money back. Don't let them give you a BS answer like they did. If the play really wasn't typical like you said, I think you need to talk to someone higher up at Party and get it looked at more.

[/ QUOTE ]

Here is why i think Party has no choice but do what they did.

I have $600 in my account. Hey siccjay or some other friend who party would not know that i know, how about i give you my account info. You go and try and make a big score in the largest s&g or some NL. If we lose, its all good because Party will have to give me the money back considering it will show i logged off that night and then in the early morning the money was lost by someone who logged in somewhere else.

I am in no way saying this is what was done. I just think it is why Party could never give in and reimburse.

rJ

There should be a limited amount of password attempts before your account is locked. Maybe ten attempts and the account is locked and an email is sent explaining why. If Party has unlimited attempts they could be partially at fault. It would interesting to know how the different sites handle this important security issue.

Thank you,

Jim Kuhn
Catfish4U
/images/graemlins/spade.gif /images/graemlins/diamond.gif /images/graemlins/club.gif /images/graemlins/heart.gif

[ QUOTE ]
Neteller does no such thing. I can log on to my Neteller account from my regular home account, my work account (different ISP!), and my back-up dial-up account (gasp! yet another different ISP).

[/ QUOTE ]

I normally access my Neteller account from Comcast in the Twin Cities. When I went to Montreal on vacation, they blocked it. I called them up and they said it was because I was trying to access it from a different location. Maybe it's because it was international, but they said they have geographical/ISP restrictions in place. They had to remove them temporarily so that I could get to my account while on vacation.

I personally think this is a good thing and was happy to find out that it existed.

hmm weird, same thing with me and montreal.. i also like that they do it like that.

[ QUOTE ]
hmm weird, same thing with me and montreal.. i also like that they do it like that.

[/ QUOTE ]

Its fine for neteller but for Party I would find it a huge pain, I work away from home so access from my digs in London from my laptop, I go home weekends or weeks off and can play either on my normal PC at home or again on my laptop on wireless (not on toilet as yet).

I have also had to access from a Internet Cafe when mty london connection was down. It would be apain having to unlock my account two or three times a week for a program I access daily.

i agree that this kind of method should not be used for party

[ QUOTE ]
I can't believe someone would blame party at all. You tell you password to anyone and you're just asking for it. How was this party's fault at all? As stated earlier you can change your screen name so it's different from you account name.

[/ QUOTE ]

Any good multi-million dollar business would look after its customers. Its like if you go into a restaurant and don't like your order....they'll give you something new for free even though its not their fault. If you spill your fast food order on the floor, they'll give you new food even though its not their fault. I could list more examples.

PartyPoker, as the leading internet poker site, should definitely be concerned with people feeling safe about depositing money online. As it turns out, this guy, has just told hundreds of people here alone, and I'm sure many of us are telling others about this story. Do you really think that kind of bad press isn't worth paying a measly $600 to prevent? Instead of people now fearing putting money online, people would instead be talking about how great PP was to take care of their customers. I know that most of us here are advanced poker players and don't think this way...but if you don't think the average guy has some reservations about trusting his money to a poker site, you're crazy.

I disagree with almost everything you said.

[ QUOTE ]
Any good multi-million dollar business would look after its customers.

[/ QUOTE ]

party poker is a good multi-million dollar business? since when!


[ QUOTE ]
Its like if you go into a restaurant and don't like your order....they'll give you something new for free even though its not their fault. If you spill your fast food order on the floor, they'll give you new food even though its not their fault.

[/ QUOTE ]

I played a hand of poker the other day where I lost $100 on a bad beat, can party give me my $100 back because I didn't like the outcome of the hand, even thought it isn't their fault?

Or what if I was at a restaurant and I went to the bathroom and somebody jacked my wallet that I left on the table, should they pay me back?

[ QUOTE ]
PartyPoker, as the leading internet poker site, should definitely be concerned with people feeling safe about depositing money online.

[/ QUOTE ]

I'm sure they are concerned, but party is the 1st place where I would feel most safe with my money in a poker account

[ QUOTE ]
As it turns out, this guy, has just told hundreds of people here alone, and I'm sure many of us are telling others about this story. Do you really think that kind of bad press isn't worth paying a measly $600 to prevent?

[/ QUOTE ]

I haven't told anyone of this story, and also a huge majority of people in this thread have stated they believe that it isn't party's fault. There is no bad press associated with this. Also, I'm sure this problem is not limited to party, and has happened at almost every single online poker site.

[ QUOTE ]
Instead of people now fearing putting money online, people would instead be talking about how great PP was to take care of their customers.

[/ QUOTE ]

I think there would be a lot of people talking about how big of suckers party poker was, and thinking of various ways to take advantage of this.

I'm not sure what you're implying: That PP isn't a multi-million dollar business? Or that they don't try to be a good business?

Getting a bad beat is a lot different from having money stolen from you. I don't see your analogy at all. My point was simply that a company should offer payback for things even if it isn't always their fault.

'I'm sure they're concerned'....good you agree with me here.

You're crazy if you don't think someone having money stolen online isn't bad press for the site that it happens at. I really don't know where to begin with this one, as it seems totally obvious to me.

Any company with good customer support occassinally gets taken advantage of. Do you realize that you can call up McDonalds headquarters and complain about service and they'll give you tons of free coupons. Or that if any pair of Nikes get worn out and get holes no matter how long you've had them or what you've done to them that you can get a brand new pair? These companies do get taken advantage of. And they know this. However, they realize that is a multi million dollar industry, getting taken advantage of for a $200 pair of sneakers is totally insignificant when it comes to protecing your companies good name and being customer friendly. Apparrently, PartyPoker still hasn't learned this lesson(no big surprise there, I realize).

[ QUOTE ]
hmm weird, same thing with me and montreal.. i also like that they do it like that.

[/ QUOTE ]

It's an international thing. I have accessed Neteller from all over the US with no problems. But every time I have tried to access it from another country they have blocked my account and made me call them to verify that it is me that is trying to access from India. /images/graemlins/blush.gif

It's an international thing

that's one helluva tip toe around the core issue of the thread.

woo

http://smilies.sofrayt.com/%5E/_950/tiptoe.gif

[ QUOTE ]
It's an international thing

that's one helluva tip toe around the core issue of the thread.

woo

http://smilies.sofrayt.com/%5E/_950/tiptoe.gif

[/ QUOTE ]

I don’t know anything about this case in particular so didn’t think my commenting would add anything. But I will give a few examples of some of the cases I have seen over the years. The fact is that this kind of thing happens and even though most people “think” they are safe, they really aren’t and don’t realize it.
My brother is a classic example. He “thinks” that his information is secret and that only he has access to his account information. Never mind the fact that I know his info, he logs on from other peoples computers, plays from work and has I'm sure at least once left the password checked box on. He feels that his info is safe but looking at it from a different perspective I would say he is pretty careless.
About a year ago my brother called me on the phone frantic that someone had hacked into his Party account. He swore that he had recorded the amount he was supposed to have in his account and that he had lost several hundred without playing. He was at home at the time and no one was on his home computer. Without even sending it along to the Party IT team, I had him pull up the hand histories for the last 100 hands played. The person had lost several hundred playing PL Omaha and NL Hold’em. The play was pretty erratic and looked like someone who didn’t have a good understanding of the game (but not chip dumping). To make a long story short, it turns out one of his coworkers had somehow gotten a key to his office, logged on and played on his account with the intent of paying back anything he lost.
Another case involved a friend of mine that called me to tell me his account had been hacked; all of his money was gone. He did in fact go to great lengths to secure his info and had never logged onto his account from any computer other than his own. No one knew his password. After spending a few hours looking into it and getting some information, it appeared that the session was from his home computer. Another long story made short…he was having a dinner party with friends and his kids and the friends kids had gone into his office, turned on the computer and dumped all the money thinking it was for fun money.
Last story…I was on a cruise in Alaska and went to a cyber café to check some email. I noticed the computer had PartyPoker installed on it!! So I opened the client and lo and behold there was the username and password of someone on the cruise checkmarked into the client. Knowing this person very well and knowing how anal he is about things, I decided to strike up a conversation with him about account security. For ½ an hour he explained to me what he does to protect his information, from changing his password monthly to using random passwords, never checking the remember password box…and on and on. When I told him what I found at the cyber café he about fell out of his chair.

Most all of the cases that are reported to Party end up with a reasonable explanation based on the information gathered. A large % of the reported cases are accounts accessed by friends, family or through negligence of the user. In fact, I have yet to see a single case of reported hacking that was confirmed to be just that.

that could be the most idiotic post i have ever read in my entire life!!! Are you SERIOUS??? Party Poker is responsible for that money being in his account. Therefore, it is THEIR responsibility to make sure that it is safe in that account. There is no other solution other than Party giving back his STOLEN money.

a player is responsible for his or her own password and account security. otherwise i could go to another state, log into my account, and go crazy playing $200 sng's. if i lost it all i could just complain to party that someone "hacked" my account and i would get all the money back. that is stupid.

[ QUOTE ]
that could be the most idiotic post i have ever read in my entire life!!! Are you SERIOUS??? Party Poker is responsible for that money being in his account. Therefore, it is THEIR responsibility to make sure that it is safe in that account. There is no other solution other than Party giving back his STOLEN money.

[/ QUOTE ]

LOL

You're pathetic!

It is almost like you haven't even read this entire thread filled with TONS of good reasons why he shouldn't get his money back and you just decided to throw down some pathetic flame.

[ QUOTE ]
that could be the most idiotic post i have ever read in my entire life!!! Are you SERIOUS??? Party Poker is responsible for that money being in his account. Therefore, it is THEIR responsibility to make sure that it is safe in that account. There is no other solution other than Party giving back his STOLEN money.

[/ QUOTE ]

Party has a responsibility to ensure that customers' money is held safe up to a point. But the customer has an equal responsibility to keep his account information secret and safe. If the customer doesn't hold up his end of the bargain, it should not be Party's duty to make good on the lost money.

If there's any demonstrable evidence that Party failed in their duties (i.e. their system was hacked, or a company employee with account access stole the money) then it would be easy to argue that Party needs to pay it back. But if it appears that the customer failed in his responsibility to keep his account information safe, then Party should not be under any obligation to repay the funds.

About a year ago my brother called me on the phone frantic that someone had hacked into his Party account......... The play was pretty erratic and looked like someone who didn’t have a good understanding of the game

and this EMIMINATED pbo himself?

i would have assumed he lost it in a KK, sugar induced hallucination.

http://www.anchoredbygrace.com/smileys/hungrysmiley.gifhttp://smilies.sofrayt.com/%5E/x/coffeecup.gifhttp://www.anchoredbygrace.com/smileys/hungrysmiley.gif