Warning: This will be lengthy and there will be cliffnotes, if nothing else, please read everything under the bold heading

So first-things-first, for those of you that don't know, on Saturday May 15th, my pokerstars account was hacked into and my password was changed. The hacker played a $5500+100 HUSNG against skilledsox and lost. Shortly afterword he took my remaining balance to 50/100/25 NLHE. It was at this point that a good friend of mine asked me on AIM why I was playing high stakes cash. I obviously started to panic and sent between 5 and 10 emails to Pokerstars security informing them of the situation in about a 15 minute span. I had a friend go to the table and beg the players playing to sit out telling them my account was hacked, but to no avail. The hacker busted my Stars roll (~$30,000) to three different players at this cash table: 26071985, Jcl87, and Buschapa. I include their screen names not to make them villains, or blame them for not sitting out, but to hopefully get in contact with them to explain the situation and hear their thoughts, and I think one of you out there has to have contact info. Stars security responded about half an hour later with a generic email stating that they were investigating the situation. I stayed up for a couple hours more, I changed my passwords to my other poker sites and went to bed.

The next day, I took my laptop to an electronics store, and paid $300 to get it checked, de-bugged, and to have advanced anti virus software installed. I went home, got online on a different laptop with a different IP, and minutes later, I learned that my UB account had also been hacked, and my Cake Poker account was in the process of being hacked. I quickly shot an email to Full Tilt to freeze my account completely and began exchanging emails with the security teams for UB and Cake. It was shortly after this that I realized that my email was also compromised. The hacker was deleting incoming messages from the security teams as well as sending out messages as me claiming that there was no hacking and that all was well. Fortunately for me, I didn't have as much money on UB or Cake (about 8.5k total) and the hacker tried to transfer most of it rather than play with it. He did however, play UB blackjack, losing about 1,200. The money he attempted to transfer was later recovered and put back into my accounts after a lengthy new email/ID verification fiasco.

Later that night, I received a phone call from Pokerstars security and I was informed that they would not refund any money because their investigation had concluded that the players that the hacker dumped to had good standing accounts with Pokerstars. The hacker did what Stars called a "joyride" of my account, in which the objective is to run the account up playing high stakes and, if successful, cut a deal with the legitimate owner of the account. Stars assumed no fault and offered no compensation. While I can understand their point that it was my responsibility to keep my computer secure, I can't help but feel like this wasn't all my fault. I feel like their response time to my emails was terrible and that several thousand could have potentially been saved if they responded faster. I also thought that as a Supernova that plays almost everyday and generates thousands in rake every month I wouldn't be left out to dry in a situation like this...I thought wrong.

I was told by each security team that they had the IP address(s) and locations that were used to access my computer as well as the email, address, and name associated with each of the hacker's accounts but could not give me this information because of legalities, but could be given at the request of law enforcement. The next day I filed a report with the local police department and also contacted the FBI but was told that because this had to do with online gaming, and the fact that it was a small dollar amount (from their prospective), they would likely not pursue the case. It has been 8 days since I filed this report and have yet to hear back. My confidence in law enforcement has been low ever since I was 12 years old and my family's house was vandalized by the same people on 4 different occasions and on the last of those occasions we saw them walking to our house 1/2 mile away, called the police, and 48 minutes later one trooper stopped by to admire the damage they did. After this incident, I feel like I can never feel safe again, I've lost all respect for law enforcement, the two times I've needed help most in my life, They've been absent. I had a false sense of security, it may sound cynical but don't count on help being there when you need it, because it just isn't. I have pretty good proof that this particular person has done this to multiple people and will continue to do it because he can. It's quite saddening to think that someone can do something like this to multiple people, and get away with it unscathed, especially in the US.

In the last week, I've changed my bank accounts, and run errand after errand, with a constant fear that the situation will keep getting worse. I haven't been able to fully enjoy an activity and won't until this situation gets more closure. As of right now, I have very little desire to play online poker, not because I don't love poker, but because I fear what could happen to me. There will be a time when I feel secure enough to have money online and to play again, but it's going to take time. I will not be attending the world series on account of still being 20, and I have no plans to play any big live tournaments after a disasterous trip to Europe last month. This has really taken a toll on me, It'll be awhile before I will recover, both mentally and financially.

How this happened and things that you can do to help prevent something like this from happening to you: First, if you have a Gmail account attatched to any of your poker accounts, change it ASAP. I had a Gmail account to all 4 of my poker sites and am fairly certain the hacker was able to hack into it (I was told by a security agent that this is very easy to do) and install some sort of key logger on my computer. I was informed that Gmail is usually associated with hacked accounts and some hackers (like this one) likely only target poker players with gmail because it is so easy to gain access to.

Second, Have a seperate email for all things poker. I had one email for everything, and while this is convenient, it's not safe. One of my biggest concerns after I learned my email was hacked was that I had alot of information in there about those close to me, and things other than poker that are valuble such as bank accounts. If you're really hardcore, you can even buy a 2nd computer just for all things poker. If you don't do that at least protect the one you have with anti-virus software of some kind.

Third, get a PIN and/or RSA token for all your poker accounts. I didn't have these...yes I now know this was a big mistake. No one ever told me this was a requirement when your bankroll hit $xxx, I simply felt safer than I was. Also, have different passwords for each poker account, and do not check the "remember password" box, type it in every time.
Every security measure adds a little more inconvenience but trust me, it's worth it. I wish I didn't have to learn it this way, but take every measure you can to protect yourself, it's not worth having this happen.

I will probably never feel totally secure again, but the next time I'm dealt a hand I will be protected much more than I was. I would like to thank my friends and family for their condolences and concern, especially my Mom, this would be alot tougher without you all.

-Dylan "Pokerl)evil" Hortin

Cliffs: Accounts got hacked, lost ~31k (as of right now), protect yourselves

Remember hearing bout this the night it happened. sorry man.

anyone who takes poker semi-seriously at all should definitely have security tokens for stars and tilt. i can't fathom not getting them, especially if you are a high stakes player and are a more likely target to get hacked

That's just unreal man. I'm really sorry to hear that and I hope everything works out and you can get back to doing what you love.

Take care bro

Sooo, I don't quite get the scam. Someone hacks into your account, attempts to run it up, and if he does successfully, then what?

Had it happen to me about a year ago or so and have also had it happen to numerous friends. Great advice and cosign on the gmail. Everyone i know had there gmail account hacked. When u get your email hacked a lot of hackers have all your emails forwarded from your account to theirs. So whenever you get an email they get it as well. There is someway in options of your email to make sure that isn't going on but I don't exactly remember how to do it.

reading this puts me on tilt... i dont understand how no one seems to be able to do anything sbout it or cares about it. it seems to me that pstars should have immediatly frozen the act or something. also the fact that the pigs dont care is bs. you're still an american (presumably paying taxes on your winnings), and for you computer to be hacked and your personal info stolen has got to be some sort of idrentity theft or computer fraud, and they should deff punish the culprit(s). on a side note, i have no idea about the pin and RSA tokens, but how does that work if the person can hack your email? would they not be able to retrieve that info via poker room support like resetting password?

This fking sucks... :( stars support has been REALLY slow as of late. Last two e-mail I sent them, they took 12hrs and 2hrs before they responded. WTF stars???

 

Originally Posted by DonkeyPunchYa

reading this puts me on tilt... i dont understand how no one seems to be able to do anything sbout it or cares about it. it seems to me that pstars should have immediatly frozen the act or something. also the fact that the pigs dont care is bs. you're still an american (presumably paying taxes on your winnings), and for you computer to be hacked and your personal info stolen has got to be some sort of idrentity theft or computer fraud, and they should deff punish the culprit(s). on a side note, i have no idea about the pin and RSA tokens, but how does that work if the person can hack your email? would they not be able to retrieve that info via poker room support like resetting password?

Well you can't seriously expect stars to refund the $. Like I said in a previous post, if they did that, then someone could get a friend to "hack" into their account, try to go big one night on a cash table, and if it didn't work, just get stars to compensate. Thus everyone would be able to freeroll. Additionally, you can't just make the players who won the $ give it back; they won it legitimately. Obv it's a different case if the players at the table had a deal with the hacker and it was dumping known by both sides, but it's likely that wasn't the case in this scenario.

Also, legally Stars basically could do nothing to the culprit. The only thing that they could do post-theft is if he, say, transferred the $ to another account, they could seize that amount. But good luck getting any court in America to listen to an online poker case involving theft.

With RSA tokens, to answer your other question...no, they couldn't get the RSA token info through support. A RSA token is a piece of hardware that they send in the mail that generates a new password every few seconds(or with FTP's, at the push of a button). The only way to be hacked is if someone steals your token, as it's not on your computer at all.

I hope you get your money back, and also hope you are not backed by anyone to make matters worse for you..

Best of luck to you Dylan. Horrible thing to happen, but you have taken measures to prevent it from happening again, and that's all you can do sometimes.

Ya, i got hacked a few months ago (granted it was for only about a 1/3 of what you got hacked for) it was still a very very awful day and have gone through countless measures to protect my accounts.

I think the security measures you discussed are decent, but I think a lot more can be done than what you are saying. Firstly, a lot of the hackings go through email and not just through pokersites so having a PIN really does not do that much for those types of hacking since once you get access to your email the hacker can change your PIN (or find the email that has your PIN in it).

1) Not just 1 email account for all poker. Get 1 email account for each poker site and do not use stuff like cardrunners or pocketfives attached to these emails. Make the email addresses random and do not ever tell anyone the name of these emails. Do not ever send out mail from these emails except to poker site support. Oh and dont make obvious security questions/answers for your email. For example: "What is your mothers maiden name" is quite easy to figure out. Do something completely random or use KeePass for it.

2) Get KeePass. It is a program that creates extremely random passwords that are not guessable and instead of typing in your password each time you just use this program. This prevents key-loggers from being able to see the passwords you type (or guess your passwords).

3) Get good antivurus/spyware/etc programs to protect your computer. There are some good free ones and some good ones you have to pay for, but the $100 or whatever is clearly worth it.

4) Get RSAs. Pretty simple and extremely good security measure. Don't know why everyone doesn't have one tbh. (When I got hacked I had a stars RSA so my stars account was completely fine. UB and FTP which I had pins for however were not.

5) Be careful what you click on and the file transfers or direct IMs you accept on AIM.

Nat had a good blog on this a few years back. I will try to dig it up and post it.

http://www.natarem.com/2008/09/17/te...online-for-50/

http://www.deucescracked.com/article...our-computers-

Ive been reading this site for a couple years. It is absurd how many times
this has happened to people.
IMO they should have a Button on each site that you can get to easely
called "Security Breached". Click the button..... enter your account #
plus your password and INSTANTLY account is frozen until you are contacted
and an investigation has been completed. With the Millions of dollars at stake
on each site I cant believe this has not already happened. =/

Sorry to hear of your misfortune Sir............

Sorry to hear this Dylan. I thank you for sharing your story for the community to learn from. We all need to help one another esp in times like these. Hopefully your able to get some of the money back but knowing that your helping others to prevent these types of attack is valuable.

Thanks again and best of luck.

Jason (anignosaj)

 

Originally Posted by d7o1d1s0

after reading this, i've spent 5000 of my 5004 full tilt points on an RSA token. you have definitely made a difference. best of luck in the future man.

This is good to hear. I think OP posted this to kind of help others avoid the same situation and the best thing would be for everyone with any type of roll that they care about to get the tokens on stars and FTP. I hope the other US sites eventually get this technology as well.....