Number of PokerStars Accounts Compromised Recently

9 years ago
00:33
18 Mar

A thread started in late February in the Internet section of the 2+2 forum by the user 'Arcana' alleged that their account was accessed by someone from Poland. This person proceeded to convert all of the FPPs in the account into cash and then made a series of small fraudulent deposits using a false credit card.

After the hacker played for a while, he proceeded to cash out two sums of $800 to his own NETeller account, an account that had never previously been used by the original poster and was only used that night to deposit $10 in order to connect it to the PokerStars account.

'Arcana' went on to explain that they had been inactive on their PokerStars account for a long time and, apart from the FPPs, there was no money lost in this attempt (which was still a small 4-figure amount). However, in order to have their account reinstated, PokerStars is requesting that a deposit be made to cover the funds deposited using the fraudulent MasterCard.

This particular request has stirred up a big discussion within the community, as it doesn't seem fair that a user should be responsible for these funds. While PokerStars claims that protecting private information, like passwords, is the sole responsibility of the user, 'Arcana' maintains that since no accounts other than the PokerStars one were accessed, it is unlikely that the unauthorized access was a result of their error.

Apart from this, the real question that everyone seems to be asking is how all this suspicious activity got past the PokerStars security measures. There was access from a country that the real user has never visited or played from, a series of small deposits from a credit card registered to a different name and, finally, a withdrawal (processed within minutes) to a brand new NETeller account that was never used to make a deposit prior to that night. How did it happen that none of this sounded an alarm bell?

One poster gave a detailed explanation of how this could happen and go undetected, which sounded possible, provided that there was, in fact, a Trojan installed on one of the victim's computers (PS claimed that whoever accessed the account did so in one attempt, so there were no wrong passwords entered). However, on February 27, another user came into the thread claiming that the exact same thing had happened to them.

More players with the same problem

It did not stop there, and several other users came into the thread with the same (or a very similar) story: accounts hacked, fraudulent deposits made and then money withdrawn using a different method (since PS doesn't allow withdrawals to MasterCard).

As the number of people reporting the problem has grown, so have the concerns of the users, as the likelihood of an error on the part of the user was diminishing. One or two isolated incidents are always more likely to be an infected computer or something similar, but a dozen or so users reporting the same scenario is a cause for concern.

Several posters have started leaning towards the idea that this could be some sort of internal leak or security breach on PokerStars' side, although without any real evidence to back up the claims. That being said, it is clear that something very strange and unusual is going on.

Accounts coming under attack are, naturally, only those using one layer of protection, i.e. not using a PIN or an RSA security token. As it became clear after reading the thread, many users were not even aware of these options. The fact of the matter is, many PokerStars players are not that much into technology and don't really expect something like this to happen to them. This still doesn't answer the question of how the hackers obtained the passwords in the first place, especially seeing that the users reporting the hacks were not connected in any way.

PokerStars response

It took a while, but the official PokerStars response was finally posted in the thread yesterday by PokerStars Michael J, the company representative and PR on the forums. Unfortunately, the answer did not contain much new information that wasn't already contained in the numerous emails sent back and forth between PokerStars and the victims.

It was stated that no evidence had been found to support the idea that the PokerStars database has been compromised, and that the information stored within is protected using a hashing technique, which is even more advanced than standard encryption.

Elaborating on the 'obvious' flags that should have been raised in these instances, the PokerStars representative explained that these are, in fact, very common occurrences and that if they conducted their security procedures using these flags, they would have a large number of 'false positives'.
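The trade-off described above can be made concrete with an added example that is not PokerStars' code or anything posted in the thread: a rule that ignores each flag on its own and alerts only when a login from a new country, a deposit from a card in another name and a withdrawal to a recently linked e-wallet all fall within one window. The event fields, the 24-hour window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window
SIGNALS = {"new_country", "card_name_mismatch", "payout_to_new_wallet"}

def signals_in_window(events, known_countries, holder_names):
    """Map each account to the largest set of signals seen together within WINDOW."""
    hits, linked, best = {}, {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        acct, ts = ev["account"], ev["ts"]
        seen = hits.setdefault(acct, {})  # signal -> time it last fired
        if ev["type"] == "login":
            if ev["country"] not in known_countries.get(acct, set()):
                seen["new_country"] = ts
        elif ev["type"] == "deposit":
            if "wallet" in ev:  # remember when each e-wallet was first linked
                linked.setdefault((acct, ev["wallet"]), ts)
            elif "card_name" in ev and ev["card_name"] != holder_names.get(acct):
                seen["card_name_mismatch"] = ts
        elif ev["type"] == "withdrawal":
            # A wallet never seen before counts as linked right now.
            first = linked.get((acct, ev["wallet"]), ts)
            if ts - first <= WINDOW:
                seen["payout_to_new_wallet"] = ts
        recent = {s for s, t in seen.items() if ts - t <= WINDOW}
        if len(recent) > len(best.get(acct, set())):
            best[acct] = recent
    return best

def correlated_alerts(events, known_countries, holder_names):
    """Alert only on accounts where all three signals coincide."""
    best = signals_in_window(events, known_countries, holder_names)
    return sorted(a for a, s in best.items() if s == SIGNALS)

# Constructed sample data, not real account activity.
KNOWN = {"acct-1": {"US"}, "acct-2": {"GB"}}
HOLDER = {"acct-1": "A. Player", "acct-2": "B. Regular"}
EVENTS = [
    {"ts": datetime(2000, 1, 1, 9, 0), "account": "acct-2", "type": "deposit", "wallet": "w-old"},
    {"ts": datetime(2000, 1, 20, 1, 0), "account": "acct-1", "type": "login", "country": "PL"},
    {"ts": datetime(2000, 1, 20, 1, 5), "account": "acct-1", "type": "deposit", "card_name": "X. Other"},
    {"ts": datetime(2000, 1, 20, 1, 20), "account": "acct-1", "type": "deposit", "wallet": "w-new"},
    {"ts": datetime(2000, 1, 20, 2, 30), "account": "acct-1", "type": "withdrawal", "wallet": "w-new"},
    {"ts": datetime(2000, 1, 20, 8, 0), "account": "acct-2", "type": "login", "country": "ES"},
    {"ts": datetime(2000, 1, 20, 8, 30), "account": "acct-2", "type": "withdrawal", "wallet": "w-old"},
]

if __name__ == "__main__":
    print(correlated_alerts(EVENTS, KNOWN, HOLDER))
```

In the sample, the travelling player on acct-2 trips only the new-country flag and is not alerted, while acct-1 trips all three within ninety minutes.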

PokerStars Michael emphasized several times further in the thread, answering some of the users' questions, that in order to make their accounts as safe as possible, they should be using SMS Validation and / or a PIN (which are both free), with an RSA token being the ultimate protection measure, although it is not completely free to obtain.


It is a very long read, as the thread has nearly 400 posts and, at the moment, this is an ongoing situation. There have been some claims that these incidents could have started as early as five months ago, but with lesser frequency.

It is really hard to guess at this point what the investigation(s) will uncover, but the issue has drawn in a great number of players, as it is clearly a very important one for the online poker community. We will try to keep you informed of any important developments and new findings as this whole matter (hopefully) moves closer to a resolution.



Ivan Potocki is the editor in chief and one of the lead news writers for PokerTube. His natural flair and enthusiasm for journalism combined with a deep poker knowledge make him an exciting contributor for PokerTube. The experience garnered playing poker professionally for several years and the knowl...
