PokerTracker Software Targeted By Hackers

1 year ago
PokerTracker Software Targeted By Hackers
02 Sep

The highly popular poker improvement tool, PokerTracker, was recently the subject of a hack attack aimed at threatening users’ credit card details.

While users of the app PokerTracker 4 are thought to be unaffected, anyone running the software through either or the sub domain will be contacted by Max Value Software, owners of PT4, by email in due course. In the meantime, they are advised to watch their accounts for any signs of suspicious activity.

However, most of the major credit-card providers only allow a 120-day window for people to appeal against any fraudulent activities which rules out these attacks which took place between December 23, 2018 through January 2, 2019.


PT4 was, at that time, infected with a Magecart script whose aim is to rip customers’ payment information and is the same virus that was responsible for similar attacks on British Airways and Ticketmaster. It is believed that the offending Magecart code was specifically crafted for PT, who do not store billing information on their servers, to fetch and deliver sensitive data to the hackers.

The attack only came to light as recently as August 8 after one user on the Malwarebytes forums, smokingjoker, reported suspicious activity on the poker software’s website. In his post, smokingjoker provides details that clearly show traffic being redirected from to an IP address which was home to

Ajaxclick hosts numerous credit-card skimmers accredited to the notorious Magecart criminal ring and it’s from there that they managed to infiltrate the PT software and inject malicious code into and its sub domains..

Outdated CMS

The attack was made possible because of Max Value Software’s, who also publish Hold’em Manager and Table Ninja, reliance on the outdated Drupal version 6.3x which was known to be highly vulnerable to these types of attacks. The latest release has been available since June.

Max Value Software and PokerTracker managing partner, Derek Charles believes the number of affected users to be in the low thousands and that, while usernames and passwords are safe, it’s recommended that users change their settings regardless. According to Charles, Drupal was removed within an hour of becoming aware of the incident some seven months after the infiltration.

Articles 4

Pete can usually be found in one of Southend’s three casinos putting in a crap performance in one card game or another. A former bookie, he likes a pint or more in his local pub to wash down each disappointing performance and relaxes by watching – and betting on – just about any kind of sport ...Read more


You need to be logged in to post a new comment

No Comments found.