Mental
Mental
  • Threads: 14
  • Posts: 1449
Joined: Dec 10, 2018
November 23rd, 2022 at 12:45:50 PM permalink
I just received a warning e-mail from my gaming provider, so I did a google search. If the link below does not go through, try googling "data breach at online gaming operator". It sent up this article about he recent attack.

https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/

“In light of recent reports of a hack impacting some other sports betting websites, we are reaching out to remind our customers about the importance of good cybersecurity hygiene.”

The basic mechanics of the fraud scheme appears to be “credential stuffing”, where the hackers have bought a database of usernames and passwords, then run those combinations through sports betting and online casino sites to see if they are able to successfully log in. Once in, the scammers changed the bank account information to withdraw funds to the account and changed the phone number and/or email on the account to lock the actual user out.
This forum is more enjoyable after I learned how to use the 'Block this user' button.
SOOPOO
SOOPOO
  • Threads: 122
  • Posts: 11140
Joined: Aug 8, 2010
November 23rd, 2022 at 1:58:15 PM permalink
Quote: Mental

I just received a warning e-mail from my gaming provider, so I did a google search. If the link below does not go through, try googling "data breach at online gaming operator". It sent up this article about he recent attack.

https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/

“In light of recent reports of a hack impacting some other sports betting websites, we are reaching out to remind our customers about the importance of good cybersecurity hygiene.”

The basic mechanics of the fraud scheme appears to be “credential stuffing”, where the hackers have bought a database of usernames and passwords, then run those combinations through sports betting and online casino sites to see if they are able to successfully log in. Once in, the scammers changed the bank account information to withdraw funds to the account and changed the phone number and/or email on the account to lock the actual user out.
link to original post



I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
odiousgambit
odiousgambit
  • Threads: 327
  • Posts: 9644
Joined: Nov 9, 2009
November 23rd, 2022 at 2:04:37 PM permalink
Quote: SOOPOO

Quote: Mental

I just received a warning e-mail from my gaming provider, so I did a google search. If the link below does not go through, try googling "data breach at online gaming operator". It sent up this article about he recent attack.

https://sbcamericas.com/2022/11/22/credential-stuffing-fraud-us-sportsbooks/

“In light of recent reports of a hack impacting some other sports betting websites, we are reaching out to remind our customers about the importance of good cybersecurity hygiene.”

The basic mechanics of the fraud scheme appears to be “credential stuffing”, where the hackers have bought a database of usernames and passwords, then run those combinations through sports betting and online casino sites to see if they are able to successfully log in. Once in, the scammers changed the bank account information to withdraw funds to the account and changed the phone number and/or email on the account to lock the actual user out.
link to original post


I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
link to original post

I would bet that many online gamblers are not sophisticated about internet use in general, and do things to make themselves vulnerable, like using the same user name and password for their favorite porn site everywhere else too
the next time Dame Fortune toys with your heart, your soul and your wallet, raise your glass and praise her thus: “Thanks for nothing, you cold-hearted, evil, damnable, nefarious, low-life, malicious monster from Hell!”   She is, after all, stone deaf. ... Arnold Snyder
Mental
Mental
  • Threads: 14
  • Posts: 1449
Joined: Dec 10, 2018
November 23rd, 2022 at 2:28:03 PM permalink
Quote: SOOPOO

I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
link to original post


This will not stop anyone who has purchased a username/password pair that is valid. The will succeed on the first try, so they will never encounter the warning that you received. The real problem is data breaches at crap internet sites. In fact, it would not shock me to find that some internet sites sell out your username password to hackers just to generate revenue.

It also sucks that many online sites insist on using your e-mail as a login credential so you cannot change it without creating a new e-mail account for that purpose. I create a unique username for every online site if they allow it. I will also be changing all of my passwords to strong, unique passwords.
This forum is more enjoyable after I learned how to use the 'Block this user' button.
Mental
Mental
  • Threads: 14
  • Posts: 1449
Joined: Dec 10, 2018
November 23rd, 2022 at 2:38:38 PM permalink
Quote:

You may have seen recent news reports concerning possible data compromises at various online gaming operators. Although it is unlikely your Party account has been impacted by these events, we recommend that you take the following steps to protect your account:

• Change your password. Choose a password that you are not using on any other app or website, particularly other online gaming operators.
• Opt in to two-factor authentication (2FA). You will receive a unique access code each time you log in.
• Opt in to email alerts. Receive an email at every login.

Taking these necessary steps will help ensure the continued security of your personal information. If you have any questions or need further assistance, please contact Customer Service.



I believe all sites will eventually require 2FA. Casinos hate to make it harder for you log in an piss away your balance. They will not force you to use 2FA to login again from the same device for a period of time. Any hacker who tries to log in from another device should be deterred by having 2FA turned on.

I have whined about how hard it is to make the first withdrawal from an online casino. I must admit, it appears the operators are under constant attack by hackers trying to drain customer accounts. They really need to protect themselves and their customers by requiring documentation and ID.
This forum is more enjoyable after I learned how to use the 'Block this user' button.
Dieter
Administrator
Dieter
  • Threads: 16
  • Posts: 5682
Joined: Jul 23, 2014
November 23rd, 2022 at 3:03:24 PM permalink
Quote: Mental


It also sucks that many online sites insist on using your e-mail as a login credential so you cannot change it without creating a new e-mail account for that purpose. I create a unique username for every online site if they allow it. I will also be changing all of my passwords to strong, unique passwords.
link to original post



If you use GMail, please be aware of the "+" trick.

https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html
May the cards fall in your favor.
AxelWolf
AxelWolf
  • Threads: 164
  • Posts: 22296
Joined: Oct 10, 2012
Thanked by
Mental
November 23rd, 2022 at 3:29:44 PM permalink
I believe it was our very own Todd Witteles AKA Dan Druff who exposed this after getting 10k taken from his account. Todd Witteles is a poker player/AP. He's also known for the website and radio show Poker Fraud alert. He also owns Alan Mendelson's former website Alan's Best Buys, now Vegas Casino Talk. Many of us here know Todd. He does a great job exposing scams and scammers absolutely free, I don't think his websites, or radio show makes any money or advertises anything (Oy vey!)

https://pokerfraudalert.com/forum/showthread.php?24342-Thieves-who-hit-poker-pros-bank-accounts-are-now-targeting-DraftKings-and-New-Jersey-sites-in-a-new-theft-hacking-scheme.
♪♪Now you swear and kick and beg us That you're not a gamblin' man Then you find you're back in Vegas With a handle in your hand♪♪ Your black cards can make you money So you hide them when you're able In the land of casinos and money You must put them on the table♪♪ You go back Jack do it again roulette wheels turinin' 'round and 'round♪♪ You go back Jack do it again♪♪
AZDuffman
AZDuffman
  • Threads: 242
  • Posts: 14155
Joined: Nov 2, 2009
November 24th, 2022 at 3:59:02 AM permalink
Quote: SOOPOO



I recently mistyped a password twice in a row for an online Sportsbook and was warned that if it happened one more time my account would be locked, and I forgot what I’d have to do to unlock it. Is this not common practice at on line sports books?
link to original post



Should be as that is Security 101. They should also be watching for too many attempts from one computer and too many attempts in general over a short period of time, Security 201.

Hopefully they know more than the basics.
All animals are equal, but some are more equal than others
lilredrooster
lilredrooster
  • Threads: 237
  • Posts: 6793
Joined: May 8, 2015
November 24th, 2022 at 7:25:33 AM permalink
___________


Scam City USA re tech wherever you go

welcome to our Brave New World




I don't really even believe that my online bank and brokerage accounts are secure
just hoping if and when I get scammed that these organizations will make things right - who knows - maybe I'll lose $100K to scammers - I wouldn't be at all shocked if it happened


.
the foolish sayings of a rich man often pass for words of wisdom by the fools around him
100xOdds
100xOdds
  • Threads: 647
  • Posts: 4379
Joined: Feb 5, 2012
November 24th, 2022 at 7:39:08 AM permalink
Quote: AxelWolf

I believe it was our very own Todd Witteles AKA Dan Druff who exposed this after getting 10k taken from his account. Todd Witteles is a poker player/AP. He's also known for the website and radio show Poker Fraud alert. He also owns Alan Mendelson's former website Alan's Best Buys, now Vegas Casino Talk. Many of us here know Todd. He does a great job exposing scams and scammers absolutely free, I don't think his websites, or radio show makes any money or advertises anything (Oy vey!)

https://pokerfraudalert.com/forum/showthread.php?24342-Thieves-who-hit-poker-pros-bank-accounts-are-now-targeting-DraftKings-and-New-Jersey-sites-in-a-new-theft-hacking-scheme.
link to original post


I created a thread about that here last week:
https://wizardofvegas.com/forum/gambling/poker/37720-betmgm-deposit-withdraw-scam-targeting-poker-pros/

Also, he owns Vegas Casino Talk?
That's where Mickey posts now after he got banned from here.
Craps is paradise (Pair of dice). Lets hear it for the SpeedCount Mathletes :)
  • Jump to: