“credential stuffing” reported atat multiple online gambling sites
https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/
“In light of recent reports of a hack impacting some other sports betting websites, we are reaching out to remind our customers about the importance of good cybersecurity hygiene.”
The basic mechanics of the fraud scheme appears to be “credential stuffing”, where the hackers have bought a database of usernames and passwords, then run those combinations through sports betting and online casino sites to see if they are able to successfully log in. Once in, the scammers changed the bank account information to withdraw funds to the account and changed the phone number and/or email on the account to lock the actual user out.
Quote: MentalI just received a warning e-mail from my gaming provider, so I did a google search. If the link below does not go through, try googling "data breach at online gaming operator". It sent up this article about he recent attack.
https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/
“In light of recent reports of a hack impacting some other sports betting websites, we are reaching out to remind our customers about the importance of good cybersecurity hygiene.”
The basic mechanics of the fraud scheme appears to be “credential stuffing”, where the hackers have bought a database of usernames and passwords, then run those combinations through sports betting and online casino sites to see if they are able to successfully log in. Once in, the scammers changed the bank account information to withdraw funds to the account and changed the phone number and/or email on the account to lock the actual user out.
link to original post
I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
I would bet that many online gamblers are not sophisticated about internet use in general, and do things to make themselves vulnerable, like using the same user name and password for their favorite porn site everywhere else tooQuote: SOOPOOQuote: MentalI just received a warning e-mail from my gaming provider, so I did a google search. If the link below does not go through, try googling "data breach at online gaming operator". It sent up this article about he recent attack.
https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/
“In light of recent reports of a hack impacting some other sports betting websites, we are reaching out to remind our customers about the importance of good cybersecurity hygiene.”
The basic mechanics of the fraud scheme appears to be “credential stuffing”, where the hackers have bought a database of usernames and passwords, then run those combinations through sports betting and online casino sites to see if they are able to successfully log in. Once in, the scammers changed the bank account information to withdraw funds to the account and changed the phone number and/or email on the account to lock the actual user out.
link to original post
I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
link to original post
Quote: SOOPOOI recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
link to original post
This will not stop anyone who has purchased a username/password pair that is valid. The will succeed on the first try, so they will never encounter the warning that you received. The real problem is data breaches at crap internet sites. In fact, it would not shock me to find that some internet sites sell out your username password to hackers just to generate revenue.
It also sucks that many online sites insist on using your e-mail as a login credential so you cannot change it without creating a new e-mail account for that purpose. I create a unique username for every online site if they allow it. I will also be changing all of my passwords to strong, unique passwords.
Quote:You may have seen recent news reports concerning possible data compromises at various online gaming operators. Although it is unlikely your Party account has been impacted by these events, we recommend that you take the following steps to protect your account:
• Change your password. Choose a password that you are not using on any other app or website, particularly other online gaming operators.
• Opt in to two-factor authentication (2FA). You will receive a unique access code each time you log in.
• Opt in to email alerts. Receive an email at every login.
Taking these necessary steps will help ensure the continued security of your personal information. If you have any questions or need further assistance, please contact Customer Service.
I believe all sites will eventually require 2FA. Casinos hate to make it harder for you log in an piss away your balance. They will not force you to use 2FA to login again from the same device for a period of time. Any hacker who tries to log in from another device should be deterred by having 2FA turned on.
I have whined about how hard it is to make the first withdrawal from an online casino. I must admit, it appears the operators are under constant attack by hackers trying to drain customer accounts. They really need to protect themselves and their customers by requiring documentation and ID.
Quote: Mental
It also sucks that many online sites insist on using your e-mail as a login credential so you cannot change it without creating a new e-mail account for that purpose. I create a unique username for every online site if they allow it. I will also be changing all of my passwords to strong, unique passwords.
link to original post
If you use GMail, please be aware of the "+" trick.
https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html
https://pokerfraudalert.com/forum/showthread.php?24342-Thieves-who-hit-poker-pros-bank-accounts-are-now-targeting-DraftKings-and-New-Jersey-sites-in-a-new-theft-hacking-scheme.
Quote: SOOPOO
I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
link to original post
Should be as that is Security 101. They should also be watching for too many attempts from one computer and too many attempts in general over a short period of time, Security 201.
Hopefully they know more than the basics.
Scam City USA re tech wherever you go
welcome to our Brave New World
I don't really even believe that my online bank and brokerage accounts are secure
just hoping if and when I get scammed that these organizations will make things right - who knows - maybe I'll lose $100K to scammers - I wouldn't be at all shocked if it happened
.
Quote: AxelWolfI believe it was our very own Todd Witteles AKA Dan Druff who exposed this after getting 10k taken from his account. Todd Witteles is a poker player/AP. He's also known for the website and radio show Poker Fraud alert. He also owns Alan Mendelson's former website Alan's Best Buys, now Vegas Casino Talk. Many of us here know Todd. He does a great job exposing scams and scammers absolutely free, I don't think his websites, or radio show makes any money or advertises anything (Oy vey!)
https://pokerfraudalert.com/forum/showthread.php?24342-Thieves-who-hit-poker-pros-bank-accounts-are-now-targeting-DraftKings-and-New-Jersey-sites-in-a-new-theft-hacking-scheme.
link to original post
I created a thread about that here last week:
https://wizardofvegas.com/forum/gambling/poker/37720-betmgm-deposit-withdraw-scam-targeting-poker-pros/
Also, he owns Vegas Casino Talk?
That's where Mickey posts now after he got banned from here.
