blonde poker forum
Welcome, Guest. Please login or register.
March 19, 2024, 11:00:00 AM

Login with username, password and session length
Search:     Advanced search
2272431 Posts in 66752 Topics by 16944 Members
Latest Member: Blader
* Home Help Arcade Search Calendar Guidelines Login Register
+  blonde poker forum
|-+  Poker Forums
| |-+  The Rail
| | |-+  Cardrunners hacked
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Cardrunners hacked  (Read 4020 times)
doubleup
Hero Member
*****
Offline Offline

Posts: 7046


View Profile
« on: May 11, 2011, 09:03:41 AM »

As above - email username and passwords taken (think they also asked a "secret question" on sign up, so don't know about that). They say credit card info not compromised.  So if you used the same password/name for anywhere else best to change asap.

http://forumserver.twoplustwo.com/29/news-views-gossip/cardrunners-hacked-1035717/ - They claim that the passwords were encrypted, but they will have sent you a plain text email with a new password, so its certainly not encrypted now  Wink

btw my email about this went into my junk folder.
« Last Edit: May 11, 2011, 09:14:49 AM by doubleup » Logged
kinboshi
ROMANES EUNT DOMUS
Administrator
Hero Member
*****
Offline Offline

Posts: 44302


We go again.


View Profile WWW
« Reply #1 on: May 11, 2011, 09:28:53 AM »

Got the email too.  Seems a lot of these sites/companies don't really take users' security too seriously.  As mentioned, sending out an email in plain text is hardly the most secure mechanism!
Logged

'The meme for blind faith secures its own perpetuation by the simple unconscious expedient of discouraging rational inquiry.'
Supernova
Sr. Member
****
Offline Offline

Posts: 920


He who laughs last didn't get it.


View Profile
« Reply #2 on: May 11, 2011, 09:35:23 AM »

Got the email too.  Seems a lot of these sites/companies don't really take users' security too seriously.  As mentioned, sending out an email in plain text is hardly the most secure mechanism!



I got it too, even though I've never used the account.

How many of you use a different password for every single account you have no matter what it is because I don't?
Logged

And I need you more than want you.
And I want you for all time.
kinboshi
ROMANES EUNT DOMUS
Administrator
Hero Member
*****
Offline Offline

Posts: 44302


We go again.


View Profile WWW
« Reply #3 on: May 11, 2011, 10:10:05 AM »

Got the email too.  Seems a lot of these sites/companies don't really take users' security too seriously.  As mentioned, sending out an email in plain text is hardly the most secure mechanism!



I got it too, even though I've never used the account.

How many of you use a different password for every single account you have no matter what it is because I don't?

It's tempting to use the same password for different sites/accounts - but things like this show how dangerous that can be.  Someone gets access to one of your passwords, and then they have access to other sites/accounts as well potentially.

Keeping track of dozens of passwords is difficult as well, so what options are there?  I get firefox to remember most of my username:password combinations automatically - but if you're doing this you HAVE to set up a master password that encrypts this information so that if anyone gets access to your computer (either remotely through hacking or a trojan, or physically accesses it) they can't get to your passwords without knowing your master password in firefox.  Don't lose or forget that passoword though!

My gmail recently got hacked (for about 10 minutes, but in that time they managed to send a spammy link to everyone in my contact list), and now I use the two-step verification that should offer a bit more protection in the future.  With anything that's important to you (where money is involved, or where there is important or sensitive information), it's definitely best to use a unique password, and to change it from time to time.
Logged

'The meme for blind faith secures its own perpetuation by the simple unconscious expedient of discouraging rational inquiry.'
TheFallen
Full Member
***
Offline Offline

Posts: 166



View Profile
« Reply #4 on: May 11, 2011, 11:52:16 AM »

Got the email too.  Seems a lot of these sites/companies don't really take users' security too seriously.  As mentioned, sending out an email in plain text is hardly the most secure mechanism!



I got it too, even though I've never used the account.

How many of you use a different password for every single account you have no matter what it is because I don't?


I never used to until my main poker account got hacked recently and cleaned out. Always thought i took fairly decent care of what was on my system but my password variation was lacking. If a hacker compromises your email then its fairly easy for them to have a new password sent out from most poker sites as secuirty questions/answers are usually fairly guessable or easy to find (FB etc).

Id advise any poker player to get a gmail account or similar with extra verification and also use a password storage similar to whats already been mentioned (there are tighter ones available to purchase).

Also make sure to take advantage of security tokens offered by stars and FT.  If you aren't the required vip level on moneybookers for them to offer you rsa tokens then hassling support seems to work.
Logged

Blame it on my A.D.D. baby
Bongo
Hero Member
*****
Offline Offline

Posts: 8827



View Profile
« Reply #5 on: May 11, 2011, 03:36:28 PM »

I wonder how many of these go on that we don't hear about?

I know for a fact that several poker sites have compromised at least some of my details.
Logged

Do you think it's dangerous to have Busby Berkeley dreams?
kinboshi
ROMANES EUNT DOMUS
Administrator
Hero Member
*****
Offline Offline

Posts: 44302


We go again.


View Profile WWW
« Reply #6 on: May 11, 2011, 05:44:13 PM »

I wonder how many of these go on that we don't hear about?

I know for a fact that several poker sites have compromised at least some of my details.

Yes, I've seen that too (not from poker accounts, but elsewhere).  Like you I'll use a thispokersite@... or thatpokersite@... and then you'll get spam or emails from third-parties to that address. Naughty people (or just crap with their security of your private details, which amounts to the same thing).
Logged

'The meme for blind faith secures its own perpetuation by the simple unconscious expedient of discouraging rational inquiry.'
Bongo
Hero Member
*****
Offline Offline

Posts: 8827



View Profile
« Reply #7 on: May 11, 2011, 05:48:08 PM »

Not just spam to that address, but my name too (which as it isn't in the email addy can't be taken from that).
Logged

Do you think it's dangerous to have Busby Berkeley dreams?
Dino
Sr. Member
****
Offline Offline

Posts: 622



View Profile
« Reply #8 on: May 12, 2011, 03:03:55 PM »

Not just spam to that address, but my name too (which as it isn't in the email addy can't be taken from that).
I get a lot of casino spam to the address I used to sign up to DTD that uses my name.
Logged
Bongo
Hero Member
*****
Offline Offline

Posts: 8827



View Profile
« Reply #9 on: May 12, 2011, 03:15:00 PM »

Did you only sign up to DTD using that address?

I get loads of casino spam to addresses that have been used for non gambling sites.

I don't think I've had any (non DTD) spam to my DTD address.
Logged

Do you think it's dangerous to have Busby Berkeley dreams?
Dino
Sr. Member
****
Offline Offline

Posts: 622



View Profile
« Reply #10 on: May 12, 2011, 04:11:27 PM »

Anything I sign up to is "the site name"@,so DTD could easily be random but they address me by name as well.
Logged
doubleup
Hero Member
*****
Offline Offline

Posts: 7046


View Profile
« Reply #11 on: May 14, 2011, 09:37:55 AM »



PTR now admit to being hacked as well........
Logged
TommyD
Sr. Member
****
Offline Offline

Posts: 635


View Profile
« Reply #12 on: May 14, 2011, 12:40:03 PM »



PTR now admit to being hacked as well........

Yup, got that email this morning too.  Worrying times.
Logged
TFMonty
Newbie
*
Offline Offline

Posts: 19


View Profile
« Reply #13 on: May 15, 2011, 02:17:36 PM »

i just deleted these as fishing scams, assume they actually serious?
Logged
doubleup
Hero Member
*****
Offline Offline

Posts: 7046


View Profile
« Reply #14 on: May 15, 2011, 05:09:08 PM »

i just deleted these as fishing scams, assume they actually serious?

the CR one quoted your username, so unlikely to be phishing - the PTR one could be I suppose and def does have a dodgy link.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.103 seconds with 21 queries.