Full Tilt Account hacked for $40,000

[thetruest]

[ QUOTE ]
I wouldn't accept this answer from Full Tilt either. We leave our money in thier care, and they let someone login to our accounts from other PC's and IPs... In my opinion it is a bug in thier software that this is allowed... Hijak all of FTPDoug's threads until he responds.

[/ QUOTE ]


What he said.

Also, checking the ip accesses to your email (since you say they had to have access to it to delete the gift cert. confirms) is a good idea.

[Drainbamaged]

[ QUOTE ]
[ QUOTE ]
why not just leave yourself logged on 24 hours a day. Even when you are not playing just leave yourself logged in

[/ QUOTE ]

this is probably one of the smartest things to do. Only downside is that your computer is always up and running and exploitable and if something did get on there, all they would have to do is reset the comp in the middle of the night.

[/ QUOTE ]

I don't know the behavior of Full Tilt, but PartyPoker allows logins from other IPs while your already logged in, logging the previous login out.

[Harv72b]

[ QUOTE ]
Another tip is doing something like this.
You use the password lol donkaments.
Your name is John Doe.
Your lucky hand is J9.
First make lol donkaments one word loldonkaments.
Then change some letters to numbers: 1o1donkam3nts for example.
Then add your initials JDl101donkam3nts
Then add your lucly hand JD101donkam3ntsJ9
Then for fulltiltpoker use ftp_JD101donkam3ntsJ9
Then for pokerstars use ps_JD101donkam3ntsJ9
Then for partypoker use pp_JD101donkam3ntsJ9
etc.
It wont help to protect you from keyloggers but It will make you have a safer password and this is what we are using at work, but not exactly the same ofc [img]/images/graemlins/wink.gif[/img]

[/ QUOTE ]

Open a random book. Take the first letter from each paragraph. Or sentence. Or last letter. You get the idea.

If you are infected with a keylogger or are just worried about that possibility, open up a text editor whenever you're about to log in, and alternate your typing between the login window and the text editor. Pain in the butt, but it'd be a much bigger pain in the butt to reconstruct your password from your keystrokes this way.

[Kevroc]

[ QUOTE ]
[ QUOTE ]
Another tip is doing something like this.
You use the password lol donkaments.
Your name is John Doe.
Your lucky hand is J9.
First make lol donkaments one word loldonkaments.
Then change some letters to numbers: 1o1donkam3nts for example.
Then add your initials JDl101donkam3nts
Then add your lucly hand JD101donkam3ntsJ9
Then for fulltiltpoker use ftp_JD101donkam3ntsJ9
Then for pokerstars use ps_JD101donkam3ntsJ9
Then for partypoker use pp_JD101donkam3ntsJ9
etc.
It wont help to protect you from keyloggers but It will make you have a safer password and this is what we are using at work, but not exactly the same ofc [img]/images/graemlins/wink.gif[/img]

[/ QUOTE ]

Open a random book. Take the first letter from each paragraph. Or sentence. Or last letter. You get the idea.

If you are infected with a keylogger or are just worried about that possibility, open up a text editor whenever you're about to log in, and alternate your typing between the login window and the text editor. Pain in the butt, but it'd be a much bigger pain in the butt to reconstruct your password from your keystrokes this way.

[/ QUOTE ]

I liked the copy paste from text file idea. But, someone posted that it isnt foolproof.

But, the above idea of opening a text window and alternately typing sounds very good.

Could this be useful in preventing keyloggers?

[swarm]

Isn't this often a case of the hacker hacking into your email and then using the lost password feature on Full Tilt to email them access to change the password.

Email accounts are far more susceptible to hacks. You have to have both strong password and strong security questions answers to keep them out.

Too many of you make your AIM and EMAIL information public.

How strong was your email password?

Security Questions?

Obviously the hacker got into your email, can you verify with Full Tilt or the email provider to see if an email for a "Lost Password" was sent to your account.

Smart hackers sit in your email and delete the evidence of this.

[shahmat]

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
Another tip is doing something like this.
You use the password lol donkaments.
Your name is John Doe.
Your lucky hand is J9.
First make lol donkaments one word loldonkaments.
Then change some letters to numbers: 1o1donkam3nts for example.
Then add your initials JDl101donkam3nts
Then add your lucly hand JD101donkam3ntsJ9
Then for fulltiltpoker use ftp_JD101donkam3ntsJ9
Then for pokerstars use ps_JD101donkam3ntsJ9
Then for partypoker use pp_JD101donkam3ntsJ9
etc.
It wont help to protect you from keyloggers but It will make you have a safer password and this is what we are using at work, but not exactly the same ofc [img]/images/graemlins/wink.gif[/img]

[/ QUOTE ]

Open a random book. Take the first letter from each paragraph. Or sentence. Or last letter. You get the idea.

If you are infected with a keylogger or are just worried about that possibility, open up a text editor whenever you're about to log in, and alternate your typing between the login window and the text editor. Pain in the butt, but it'd be a much bigger pain in the butt to reconstruct your password from your keystrokes this way.

[/ QUOTE ]

I liked the copy paste from text file idea. But, someone posted that it isnt foolproof.

But, the above idea of opening a text window and alternately typing sounds very good.

Could this be useful in preventing keyloggers?

[/ QUOTE ]

If they can log your keystrokes, they can also log when you change window focus, it would be fairly trivial for them to figure out which window you were typing into.

[kidpokeher]

[ QUOTE ]
Get Keepass and you won't have to worry about anyone being able to hack your password.

[/ QUOTE ]

I get paranoid about programs like this, Roboform and others. On the surface it seems like a good idea, but what's to stop the creator of these programs from making something that sends all your information to them?

[shahmat]

[ QUOTE ]

How strong was your email password?

Security Questions?

Obviously the hacker got into your email, can you verify with Full Tilt or the email provider to see if an email for a "Lost Password" was sent to your account.

Smart hackers sit in your email and delete the evidence of this.

[/ QUOTE ]

I don't believe he got the password through a password request sent to my email, as I was still able to login using my regular password. A regular password request would send out a completely new password and the old one would never be known, I haven't checked with full tilt's security but I would hope this would be the case. My personal email password probably wasn't the strongest, it definitely wasn't guessable but I guess it could have been brute forced.

[Percula]

[ QUOTE ]
[ QUOTE ]

I know it is a pain but I assume that 3rd party sites such as neteller (just an example) are insured agaist this type of problem...gl with whatever happens
-L

[/ QUOTE ]

As far as I know, none of those 3rd party sites provide any type of insurance(but I don't really know). It is quite a pain to transfer back and forth every day, as with some sites there are delays, but perhaps I shoudl do this if I can find some 3rd party site that guarantees their funds. Does anyone know of any?

thanks for all the posts eveeryone.

[/ QUOTE ]

This is not going to help at all.

Based on what you describe you got a keylogger on your PC, likely thru a exploit of an existing application, e.g. visiting a website that is rigged use a exploit and install code.

You can assume that anything you typed on that PC is now in the hands of the hacker. This would include online bank accounts, ewallets, brokerage accounts, tax returns, etc, etc.

You should also assume that any file that was accessible from your PC is now in the hands of the hacker, realistically though he/she would only take something of value to them.

Based on that you should be changing passwords, locking accounts, etc, etc...

The real value in hacking a HS player's account is not cleaning out the poker account, it is cleaning everything else out...

[Broke Rounder]

WADA is right, why is it that the majority of hacked accounts lately have been FTP accounts? This is a serious issue.