Cyberthiefs stole $65000 from Party poker player.

[CORed]

[ QUOTE ]
[ QUOTE ]
How did hacking his hotmail account get the thieves into his Party account? Did he use the same password for both? Or did he have the password in an email stored on Hotmail? In either case, it was pretty careless.

[/ QUOTE ]

Start Partypoker. See the button called "forgot password"?

[/ QUOTE ]

Oh, I get it. They email you your password.

[AngusThermopyle]

Well, I get sent to:

https://secure.partypoker.com/my_account/cpEnterDtl.htm

So, at least now, it seems you have to talk to somebody.

[Freudian]

They must have changed it today. Earlier you just had to type in the email and they sent it to you at once.

Perhaps something good came out of this and Party increased their security?

[ QUOTE ]
Start Partypoker. See the button called "forgot password"?

[/ QUOTE ]
And that's just plain stupid. No financial institution will simply send you a password or a link to reset your password in an e-mail. You always have to verify your identity. Neteller does this. Hell, even Hotmail makes you answer your "secret question."

If Party doesn't employ this vital security step, they deserve a publicity disaster.

[stabn]

[ QUOTE ]

- Why doesn't any warning bells from the company ring? The thieves change password, logs in from the other side of the world and transfers the maximum $8 000 to other accounts and withdraws at once. Anyone could understand something is not right. Hotmail? I will never use it again


[/ QUOTE ]

Hotmail has nothing to do with the problem. He probably had a significant vulnerability that lead to his hotmail account password being stolen (like using that password at other websites or downloading malicious software).

[Nick B.]

[ QUOTE ]

Hotmail has nothing to do with the problem. He probably had a significant vulnerability that lead to his hotmail account password being stolen (like using that password at other websites or downloading malicious software).

[/ QUOTE ]

Hotmail accounts are not very secure. All you need to do to reset somebody's password is know what city they are from and their secret question. Yahoo you need to know the person's DOB, city and secret question. Gmail you need to have access to their secondary email account to get the password.

[Freudian]

His Pokerstars account was also stolen. E-mail from PS security to the guy:

"Hello Mats,

I wanted to give you an update on what I found on my investigation of the
unauthorized use of your account.

Since the last time you told me that you had accessed your account, on
9/26/05, it was not accessed again until 9/29/05. On 9/29/05 at 8:23 PM a
password change was requested and a new password was sent to the email
address registered in your account, mazak14@hotmail.com. Then at 8:24 your
account was accessed for the first time, from a computer that can be traced
back to Pennsylvania, US.

Right after your account was accessed, there was a $150.00 transfer made to
a brand new account named 'PoopTree', created from this same computer.
Account 'TestBigBoot' appears to also have logged in from this same
computer during the time your account was accessed from there.

Then after your account received a transfer for $400.00 they went on and
spent it on the tables. I did not find any dumping or irregular play on my
preliminary review, but I am awaiting the results from a review by our
Poker experts to confirm this. (dom $400 kom från gambler21 efter att jag skinnat honom på kinapoker)

I am trying to get more information from the accounts mentioned above, but I have only gotten bogus replies from one of them. Please let me know if these account names and the fact that they are from Pennsylvania give you any clues as to who they may be. These people must have known your complete address in order to request a new password. But they may have also gotten that information from your email account information.

I would like to speak to you again over the phone to get more details for
my investigation. I will be in the office on Tuesday between 10:00 AM ET
and 6:00 PM ET, please let me know if it would be possible for me to reach
you then and what would be the best time.


Looking forward to your reply.


Regards,

Jorge
PokerStars Security"

Some info about the name and location of the guy using that stars account.

[obsidian]

There is absolutely no way $65,000 should be able to be taken out of someone's account without having to verify their identity over the phone or having access to his normal ip & password. I mean requesting a password reset and then logging in from an ip in a different location than the normal one should in itself be a big red flag. Then on top of that making the biggest inter-account transfer possible. I generate somewhere around $7-8k in rake per month, and for that kind of money they should be doing a better job than this to protect my account.

[StevieG]

[ QUOTE ]
There is absolutely no way $65,000 should be able to be taken out of someone's account without having to verify their identity over the phone or having access to his normal ip & password.

[/ QUOTE ]

One nice thing about Party being publically traded is that they will really have to address this.

E*Trade is now offering token devices for added protection. They are doing this for a fee, but offer the service free of charge to large accounts. Party could take this course of action, as well.

[jzpiano14]

[ QUOTE ]
There is absolutely no way $65,000 should be able to be taken out of someone's account without having to verify their identity over the phone or having access to his normal ip & password. I mean requesting a password reset and then logging in from an ip in a different location than the normal one should in itself be a big red flag. Then on top of that making the biggest inter-account transfer possible. I generate somewhere around $7-8k in rake per month, and for that kind of money they should be doing a better job than this to protect my account.

[/ QUOTE ]

What stakes do u play and how many tables for 7k a month rakeback???