Mental
Mental
Joined: Dec 10, 2018
  • Threads: 4
  • Posts: 239
November 23rd, 2022 at 12:45:50 PM permalink
I just received a warning e-mail from my gaming provider, so I did a google search. If the link below does not go through, try googling "data breach at online gaming operator". It sent up this article about he recent attack.

https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/

“In light of recent reports of a hack impacting some other sports betting websites, we are reaching out to remind our customers about the importance of good cybersecurity hygiene.”

The basic mechanics of the fraud scheme appears to be “credential stuffing”, where the hackers have bought a database of usernames and passwords, then run those combinations through sports betting and online casino sites to see if they are able to successfully log in. Once in, the scammers changed the bank account information to withdraw funds to the account and changed the phone number and/or email on the account to lock the actual user out.
SOOPOO
SOOPOO
Joined: Aug 8, 2010
  • Threads: 118
  • Posts: 9326
November 23rd, 2022 at 1:58:15 PM permalink
Quote: Mental

I just received a warning e-mail from my gaming provider, so I did a google search. If the link below does not go through, try googling "data breach at online gaming operator". It sent up this article about he recent attack.

https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/

“In light of recent reports of a hack impacting some other sports betting websites, we are reaching out to remind our customers about the importance of good cybersecurity hygiene.”

The basic mechanics of the fraud scheme appears to be “credential stuffing”, where the hackers have bought a database of usernames and passwords, then run those combinations through sports betting and online casino sites to see if they are able to successfully log in. Once in, the scammers changed the bank account information to withdraw funds to the account and changed the phone number and/or email on the account to lock the actual user out.
link to original post



I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
odiousgambit
odiousgambit
Joined: Nov 9, 2009
  • Threads: 318
  • Posts: 8963
November 23rd, 2022 at 2:04:37 PM permalink
Quote: SOOPOO

Quote: Mental

I just received a warning e-mail from my gaming provider, so I did a google search. If the link below does not go through, try googling "data breach at online gaming operator". It sent up this article about he recent attack.

https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/

“In light of recent reports of a hack impacting some other sports betting websites, we are reaching out to remind our customers about the importance of good cybersecurity hygiene.”

The basic mechanics of the fraud scheme appears to be “credential stuffing”, where the hackers have bought a database of usernames and passwords, then run those combinations through sports betting and online casino sites to see if they are able to successfully log in. Once in, the scammers changed the bank account information to withdraw funds to the account and changed the phone number and/or email on the account to lock the actual user out.
link to original post


I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
link to original post

I would bet that many online gamblers are not sophisticated about internet use in general, and do things to make themselves vulnerable, like using the same user name and password for their favorite porn site everywhere else too
The Dice, the cards, they not only have no sense of justice but are seemingly endowed with a sense of cruel irony. This devolves from the 'nature of random'. Ironically, don't you see. 
Mental
Mental
Joined: Dec 10, 2018
  • Threads: 4
  • Posts: 239
November 23rd, 2022 at 2:28:03 PM permalink
Quote: SOOPOO

I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
link to original post


This will not stop anyone who has purchased a username/password pair that is valid. The will succeed on the first try, so they will never encounter the warning that you received. The real problem is data breaches at crap internet sites. In fact, it would not shock me to find that some internet sites sell out your username password to hackers just to generate revenue.

It also sucks that many online sites insist on using your e-mail as a login credential so you cannot change it without creating a new e-mail account for that purpose. I create a unique username for every online site if they allow it. I will also be changing all of my passwords to strong, unique passwords.
Mental
Mental
Joined: Dec 10, 2018
  • Threads: 4
  • Posts: 239
November 23rd, 2022 at 2:38:38 PM permalink
Quote:

You may have seen recent news reports concerning possible data compromises at various online gaming operators. Although it is unlikely your Party account has been impacted by these events, we recommend that you take the following steps to protect your account:

• Change your password. Choose a password that you are not using on any other app or website, particularly other online gaming operators.
• Opt in to two-factor authentication (2FA). You will receive a unique access code each time you log in.
• Opt in to email alerts. Receive an email at every login.

Taking these necessary steps will help ensure the continued security of your personal information. If you have any questions or need further assistance, please contact Customer Service.



I believe all sites will eventually require 2FA. Casinos hate to make it harder for you log in an piss away your balance. They will not force you to use 2FA to login again from the same device for a period of time. Any hacker who tries to log in from another device should be deterred by having 2FA turned on.

I have whined about how hard it is to make the first withdrawal from an online casino. I must admit, it appears the operators are under constant attack by hackers trying to drain customer accounts. They really need to protect themselves and their customers by requiring documentation and ID.
Dieter
Administrator
Dieter
Joined: Jul 23, 2014
  • Threads: 13
  • Posts: 3813
November 23rd, 2022 at 3:03:24 PM permalink
Quote: Mental


It also sucks that many online sites insist on using your e-mail as a login credential so you cannot change it without creating a new e-mail account for that purpose. I create a unique username for every online site if they allow it. I will also be changing all of my passwords to strong, unique passwords.
link to original post



If you use GMail, please be aware of the "+" trick.

https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html
May the cards fall in your favor.
AxelWolf
AxelWolf
Joined: Oct 10, 2012
  • Threads: 156
  • Posts: 20899
Thanks for this post from:
Mental
November 23rd, 2022 at 3:29:44 PM permalink
I believe it was our very own Todd Witteles AKA Dan Druff who exposed this after getting 10k taken from his account. Todd Witteles is a poker player/AP. He's also known for the website and radio show Poker Fraud alert. He also owns Alan Mendelson's former website Alan's Best Buys, now Vegas Casino Talk. Many of us here know Todd. He does a great job exposing scams and scammers absolutely free, I don't think his websites, or radio show makes any money or advertises anything (Oy vey!)

https://pokerfraudalert.com/forum/showthread.php?24342-Thieves-who-hit-poker-pros-bank-accounts-are-now-targeting-DraftKings-and-New-Jersey-sites-in-a-new-theft-hacking-scheme.
♪♪Now you swear and kick and beg us That you're not a gamblin' man Then you find you're back in Vegas With a handle in your hand♪♪ Your black cards can make you money So you hide them when you're able In the land of casinos and money You must put them on the table♪♪ You go back Jack do it again roulette wheels turinin' 'round and 'round♪♪ You go back Jack do it again♪♪
AZDuffman
AZDuffman
Joined: Nov 2, 2009
  • Threads: 235
  • Posts: 12944
November 24th, 2022 at 3:59:02 AM permalink
Quote: SOOPOO



I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
link to original post



Should be as that is Security 101. They should also be watching for too many attempts from one computer and too many attempts in general over a short period of time, Security 201.

Hopefully they know more than the basics.
All animals are equal, but some are more equal than others
lilredrooster
lilredrooster
Joined: May 8, 2015
  • Threads: 211
  • Posts: 5018
November 24th, 2022 at 7:25:33 AM permalink
___________


Scam City USA re tech wherever you go

welcome to our Brave New World




I don't really even believe that my online bank and brokerage accounts are secure
just hoping if and when I get scammed that these organizations will make things right - who knows - maybe I'll lose $100K to scammers - I wouldn't be at all shocked if it happened


.
"believe half of what you see and none of what you hear" - Edgar Allan Poe
100xOdds
100xOdds
Joined: Feb 5, 2012
  • Threads: 570
  • Posts: 3677
November 24th, 2022 at 7:39:08 AM permalink
Quote: AxelWolf

I believe it was our very own Todd Witteles AKA Dan Druff who exposed this after getting 10k taken from his account. Todd Witteles is a poker player/AP. He's also known for the website and radio show Poker Fraud alert. He also owns Alan Mendelson's former website Alan's Best Buys, now Vegas Casino Talk. Many of us here know Todd. He does a great job exposing scams and scammers absolutely free, I don't think his websites, or radio show makes any money or advertises anything (Oy vey!)

https://pokerfraudalert.com/forum/showthread.php?24342-Thieves-who-hit-poker-pros-bank-accounts-are-now-targeting-DraftKings-and-New-Jersey-sites-in-a-new-theft-hacking-scheme.
link to original post


I created a thread about that here last week:
https://wizardofvegas.com/forum/gambling/poker/37720-betmgm-deposit-withdraw-scam-targeting-poker-pros/

Also, he owns Vegas Casino Talk?
That's where Mickey posts now after he got banned from here.
Craps is paradise (Pair of dice). Lets hear it for the SpeedCount Mathletes :)

  • Jump to: