Since it is in swedish (http://www.aftonbladet.se/vss/poker/story/0,2789,709136,00.html) I'll have to translate.

"The poker pro lost his username - and $65 000. The cyber thieves stole his password to the account at PartyPoker.

When the swedish poker pro Mats Rahm managed to get access again the account had been emptied of over $65 000 (probably not true, but portions of it was lost).
- I don't know what will happen now, he says.

When Mats Rahm, from Vällingby outside Stockholm tried to log in on the site of Partypoker.com it didn't work at all. Wrong password was the reply he got. Same thing when he tried to access his hotmail-account.

The reason for the technical problems was worse than Mats Rahm could imagine. Someone had hacked into his mail account and thereby were able to get access to the password for his poker account. It was emptied of $65 000.

- This is stealing. And it was very well timed. I was in Tallin for four days to play the Pokermillion (a swedish competition). and didn't have access to my account from there.

If he will get his money back again is no clear. The thieves had managed to gamble away a big amount in the meantime.

- I don't know what will happen now. A manager from PartyPoker will call me later tonight and we will see. The thieves have played away a chunk of the money. A friend of mine saw my username in action and said they played like maniacs.

Mats Rahm is dissapointed in PartyPokers action - and warns other users of using hotmail.

- Why doesn't any warning bells from the company ring? The thieves change password, logs in from the other side of the world and transfers the maximum $8 000 to other accounts and withdraws at once. Anyone could understand something is not right. Hotmail? I will never use it again.

The issue is now dealt with at the top level of Partypoker, who are listed on the London stock exchange.

Sportbladet (the newspaper) have failed to reach representatives for the company for comments"

How did they hack into his Hotmail account? I guess that's the risk we all run by putting money into virtual only vaults.

Personally I am more worried about the public doubting the security of online poker (more than the actual security of it). This is Swedens largest evening newspaper. Imagine a story like this in USA today.

And of course Partypoker should change their methods. Someone logging in from another country and changing the password should automatically lock the account.

It would require a very large investigation team, of which I'm not sure PP wants to invest in. I've logged into PP from other countries (esp Asia), and I'd get pissed off if I got locked every time that happens. This would happen most to consultants and businessmen.

Also consider the people that live close to a border (like my parents, who live 20 min away from Canada).

[ QUOTE ]
It would require a very large investigation team, of which I'm not sure PP wants to invest in. I've logged into PP from other countries (esp Asia), and I'd get pissed off if I got locked every time that happens. This would happen most to consultants and businessmen.

Also consider the people that live close to a border (like my parents, who live 20 min away from Canada).

[/ QUOTE ]

Or it can be automated since where ip's originate hardly are secret.

Businessmen could tell Party in advance, exactly like you can with Neteller.

But these people wouldn't be changing their passwords when they got to said foreign country.

For Neteller that doesn't matter. It will have to be unlocked by you proving who you are. Their customers security is the most important thing. And without it you will be left wide open, as evidenced by this Partypoker case.

Account locking for foreign IPs could be a feature that can be turned off on request by people who do travel. Myself I've never even been out of Australia (can't swim that good) and I'd sure as hell want my account locked if some dirty englishmen tried to log in :P

How did hacking his hotmail account get the thieves into his Party account? Did he use the same password for both? Or did he have the password in an email stored on Hotmail? In either case, it was pretty careless.

[ QUOTE ]
How did hacking his hotmail account get the thieves into his Party account? Did he use the same password for both? Or did he have the password in an email stored on Hotmail? In either case, it was pretty careless.

[/ QUOTE ]

Start Partypoker. See the button called "forgot password"?

[ QUOTE ]
[ QUOTE ]
How did hacking his hotmail account get the thieves into his Party account? Did he use the same password for both? Or did he have the password in an email stored on Hotmail? In either case, it was pretty careless.

[/ QUOTE ]

Start Partypoker. See the button called "forgot password"?

[/ QUOTE ]

Oh, I get it. They email you your password.

[ QUOTE ]

- Why doesn't any warning bells from the company ring? The thieves change password, logs in from the other side of the world and transfers the maximum $8 000 to other accounts and withdraws at once. Anyone could understand something is not right. Hotmail? I will never use it again


[/ QUOTE ]

Hotmail has nothing to do with the problem. He probably had a significant vulnerability that lead to his hotmail account password being stolen (like using that password at other websites or downloading malicious software).

Well, I get sent to:

https://secure.partypoker.com/my_account/cpEnterDtl.htm

So, at least now, it seems you have to talk to somebody.

They must have changed it today. Earlier you just had to type in the email and they sent it to you at once.

Perhaps something good came out of this and Party increased their security?

[ QUOTE ]
Start Partypoker. See the button called "forgot password"?

[/ QUOTE ]
And that's just plain stupid. No financial institution will simply send you a password or a link to reset your password in an e-mail. You always have to verify your identity. Neteller does this. Hell, even Hotmail makes you answer your "secret question."

If Party doesn't employ this vital security step, they deserve a publicity disaster.

I do have one problem with the original story.

Hacked into his Hotmail account?

Or someone knew his Hotmail pw already ("friend", keylogger, etc)?

Is the assumption that Hotmail can be hacked into that easily?

Guess they might know what Party screen name goes with what Hotmail account, but that is another layer of security that online players should pay attention to themselves, to protect themselves and not depend on the sites (poker or banking) to do it all for them.

[ QUOTE ]
Guess they might know what Party screen name goes with what Hotmail account, but that is another layer of security that online players should pay attention to themselves, to protect themselves and not depend on the sites (poker or banking) to do it all for them.

[/ QUOTE ]
nh.

[ QUOTE ]

Hotmail has nothing to do with the problem. He probably had a significant vulnerability that lead to his hotmail account password being stolen (like using that password at other websites or downloading malicious software).

[/ QUOTE ]

Hotmail accounts are not very secure. All you need to do to reset somebody's password is know what city they are from and their secret question. Yahoo you need to know the person's DOB, city and secret question. Gmail you need to have access to their secondary email account to get the password.

[ QUOTE ]
I do have one problem with the original story.

Hacked into his Hotmail account?

Or someone knew his Hotmail pw already ("friend", keylogger, etc)?

Is the assumption that Hotmail can be hacked into that easily?

Guess they might know what Party screen name goes with what Hotmail account, but that is another layer of security that online players should pay attention to themselves, to protect themselves and not depend on the sites (poker or banking) to do it all for them.

[/ QUOTE ]

Of course most likely his computer was compromized at some point. Many computers are. The pokerrooms security has to work under the assumption that emials or computers can be comprimized. If they assume everyones computer is safe they will work from non realistic conditions.

Could very easily have been someone he knew, maybe even just someone he knew over the net. How hard would it be to know someone's city and their secret question of "Pet's name"...

His Pokerstars account was also stolen. E-mail from PS security to the guy:

"Hello Mats,

I wanted to give you an update on what I found on my investigation of the
unauthorized use of your account.

Since the last time you told me that you had accessed your account, on
9/26/05, it was not accessed again until 9/29/05. On 9/29/05 at 8:23 PM a
password change was requested and a new password was sent to the email
address registered in your account, mazak14@hotmail.com. Then at 8:24 your
account was accessed for the first time, from a computer that can be traced
back to Pennsylvania, US.

Right after your account was accessed, there was a $150.00 transfer made to
a brand new account named 'PoopTree', created from this same computer.
Account 'TestBigBoot' appears to also have logged in from this same
computer during the time your account was accessed from there.

Then after your account received a transfer for $400.00 they went on and
spent it on the tables. I did not find any dumping or irregular play on my
preliminary review, but I am awaiting the results from a review by our
Poker experts to confirm this. (dom $400 kom från gambler21 efter att jag skinnat honom på kinapoker)

I am trying to get more information from the accounts mentioned above, but I have only gotten bogus replies from one of them. Please let me know if these account names and the fact that they are from Pennsylvania give you any clues as to who they may be. These people must have known your complete address in order to request a new password. But they may have also gotten that information from your email account information.

I would like to speak to you again over the phone to get more details for
my investigation. I will be in the office on Tuesday between 10:00 AM ET
and 6:00 PM ET, please let me know if it would be possible for me to reach
you then and what would be the best time.


Looking forward to your reply.


Regards,

Jorge
PokerStars Security"

Some info about the name and location (http://rgpaccess.com/printthread.php?t=84034) of the guy using that stars account.

There is absolutely no way $65,000 should be able to be taken out of someone's account without having to verify their identity over the phone or having access to his normal ip & password. I mean requesting a password reset and then logging in from an ip in a different location than the normal one should in itself be a big red flag. Then on top of that making the biggest inter-account transfer possible. I generate somewhere around $7-8k in rake per month, and for that kind of money they should be doing a better job than this to protect my account.

[ QUOTE ]
and transfers the maximum $8 000 to other accounts and withdraws at once.


[/ QUOTE ]

5. You agree that the recipient will have to play the higher of at least 50 raked hands or the numerical equivalent of 25% of the transferred amount in raked hands before withdrawing the transferred money (for example if $50 is transferred then the recipient must play 50 raked hands with that transferred money as 25% of $50 amounts to only 12.5 raked hands).

So they played 2000 raked hands too? Not quite "withdraws at once."

It would be nice if that Party rep here could give us his take on this huge ripoff to one of their players.

[ QUOTE ]
There is absolutely no way $65,000 should be able to be taken out of someone's account without having to verify their identity over the phone or having access to his normal ip & password.

[/ QUOTE ]

One nice thing about Party being publically traded is that they will really have to address this.

E*Trade is now offering token devices for added protection. (http://news.com.com/ETrade+adopts+additional+security+for+traders/2100-1029_3-5594914.html) They are doing this for a fee, but offer the service free of charge to large accounts. Party could take this course of action, as well.

This is just nuts, i read this elsewhere as well. How could they let this happen! The guy is partially responsible though, who the freak leaves $65k in an account, this isn't an insured bank.

[ QUOTE ]
There is absolutely no way $65,000 should be able to be taken out of someone's account without having to verify their identity over the phone or having access to his normal ip & password. I mean requesting a password reset and then logging in from an ip in a different location than the normal one should in itself be a big red flag. Then on top of that making the biggest inter-account transfer possible. I generate somewhere around $7-8k in rake per month, and for that kind of money they should be doing a better job than this to protect my account.

[/ QUOTE ]

What stakes do u play and how many tables for 7k a month rakeback???

[ QUOTE ]
What stakes do u play and how many tables for 7k a month rakeback???

[/ QUOTE ][ QUOTE ]
I generate somewhere around $7-8k in rake per month

[/ QUOTE ]

[ QUOTE ]
The guy is partially responsible though, who the freak leaves $65k in an account

[/ QUOTE ]

Uh, tons and tons and tons of people. [censored] just go on interpoker right now and you can see several people just sitting with $65k combined on a few tables.

I'll let the comment that he was some how responsible just because he had this amount of money online pass.

If you regularly play $25 buyin NLH then having $250 online is about the mininum to play multiple tables. Playing $1000 and $2000 games having $20-40K online is common.

MS Sunshine

[ QUOTE ]
I'll let the comment that he was some how responsible just because he had this amount of money online pass.

If you regularly play $25 buyin NLH then having $250 online is about the mininum to play multiple tables. Playing $1000 and $2000 games having $20-40K online is common.

MS Sunshine

[/ QUOTE ]

If this had been on Crypto, Full Tilt, or UB I wouldn't bat an eye at the amount. But they spread games considerably higher than Party does. I don't see any reason to keep $65k on a site to play $2k NL or $100/$200.

Especially for a European player. The amount he must have lost over the last few months just from keeping all that money in $ is huge.

[ QUOTE ]
[ QUOTE ]
I'll let the comment that he was some how responsible just because he had this amount of money online pass.

If you regularly play $25 buyin NLH then having $250 online is about the mininum to play multiple tables. Playing $1000 and $2000 games having $20-40K online is common.

MS Sunshine

[/ QUOTE ]

If this had been on Crypto, Full Tilt, or UB I wouldn't bat an eye at the amount. But they spread games considerably higher than Party does. I don't see any reason to keep $65k on a site to play $2k NL or $100/$200.

Especially for a European player. The amount he must have lost over the last few months just from keeping all that money in $ is huge.

[/ QUOTE ]

Quite the opposite. The value of the dollar has increased a lot in the last 6 months.

I think he was a SnG player. At Party the highest SnGs are $5k buyin. If he was playing $1k steps then $65k is a bit excessive.