| InvisibleSoul | 01-16-2010 11:32 AM |
Anyways, not that I actually feel the need to prove anything, I decided to look for an old blog post that I had written up about this incident... and this was from April 4th, 2007.
And yes, so it was actually a hand of Blackjack that the guy played, and not a roulette bet that I had mistakenly remembered it to be... but that's just an insignificant detail. Quote:
Chapter 83: Unauthorized Access
Tonight, the most extraordinary event unfolded before my very eyes.
Just after 10pm, I was logged onto PartyPoker (but not playing) when I received a popup alert saying the software had to close because I had logged in on another computer. I found that odd, but thought maybe it was just an error on their side, and didn’t think much of it.
A few minutes later, at 10:11pm, my GMail Notifier displayed that I had just received an email from PartyPoker saying I had purchased a gift certificate for US$200. I had done no such thing, so this got me a bit concerned. I checked the email over, and it looked legitimate. My next step was to check my PartyPoker balance. From earlier, I knew my balance was US$2640.31. I log in and see that my balance… was still US$2640.31. Okay, so all of my money is still there. Maybe somehow their system got messed up and sent me that email by mistake.
I went to look at the email again. The only problem was, the email was being deleted from my account right in front of my eyes. When I tried reloading it the first time, it gave me the option of undeleting it, which I promptly clicked, but alas, the email disappeared without a trace. What in the hell is going on here?
I decided I had better call up PartyPoker right away and see if they could shed some light on what’s going on. When they told me what had happened, I was flabbergasted. They said the logs for my account indicated somebody had taken US$200 to a blackjack table, left with US$400, then went and purchased the US$200 gift certificate. When I informed them that I had in fact not been the one to have done these transactions, they reversed the gift certificate purchase and promptly put a hold on my account so that the security investigations team could look into the situation.
While that was being done, I still had access to my account in the meantime, and when I checked my transaction history, I did indeed see that US$200 was taken to a blackjack table at 10:08pm, and the very next minute at 10:09pm US$400 was taken away from the table. So it looks like the perpretrator put the US$200 down on a single hand, and just so happened to win. At 10:11pm, he ordered a gift certificate in the amount of the winnings, US$200.
I was told to write an email to the PartyPoker investigations team to explain exactly what happened, and then I would get a call back in 24-48 hours after they have had a chance to look into it. I took a couple minutes to assess the situation, and decided I needed to take action immediately and change all my passwords for every single poker site and online wallet, and make them a lot more secure than they used to be.
After that, I wrote up the email, sent it off, and called PartyPoker up again just to confirm that they received it. Now, all I could do is wait for them to call me back. Fortunately, they were very dilligent on this case, and I got a call back from their security department within half an hour. The person on the other end of the line was very pleasant to talk to, and we discussed the situation in detail. He was able to give me the IP address that was used to access my account, and I did a quick lookup and it traced to Eastern Canada, possibly Ottawa. However, he also said they couldn’t link that IP address with any other account, because that IP had never been used before by anyone logging into PartyPoker. One thing I was wondering is why the hacker would have only done this with US$200, instead of my whole balance of US$2600. The procedure would have been the same regardless of the amount. Because of this, and some other factors as well, the security guy was saying it would seem like this was the work of someone that knows me, and was just trying to make a quick buck but not wanting to lose all my money. But try as I might, there just isn’t anyone at all i could think of that would match the profile.
During our conversation, I explained to him that I am actually a systems administrator myself, and am, in fact, quite well versed on employing proper security measures and avoiding scam tactics such as phishing and malware. Those couldn’t have been the avenues the hacker used to compromise my account. I have not shared my account password with anyone, and I simply could not come up with any answer as to how the hacker was able to get a hold of my login information. Even worse is, the fact that the gift certificate email got deleted meant that the hacker had access to my email account as well. Now this part really concerned me. If he had access to my email, he could have potentially gotten the passwords to my online wallets as well. It dawned on me that yesterday, I had received a lost password email from Moneybookers, and I had never requested that either. But my Moneybookers account was never touched, as the only thing that could be done with that email was to reset my password, and I know my password never changed. But Moneybookers was the least of my worries, since I had no money in there currently, but Neteller was a different story. Fortunately, not a penny was out of place there either.
After I ensured the security guy I had taken measures to protect my account, he released the hold on it. In light of all of this, combined with the fact that Neteller is closing shop for all Canadian gamblers, I decided to withdraw a large chunk of my bankroll out. It’s going to be much more difficult to make transactions to poker sites now, so I imagine I may start playing less and less as time goes on.
Being in my profession, instead of feeling violated, I couldn’t help but to primarily feel embarrassed about this having happened to me. The worst part is I still have no idea how the hacker could have possibly gotten hold of my login credentials, not only for PartyPoker, but for GMail as well. This is quite disconcerting because even though I have beefed up the security of my logins, I don’t know whether that is enough to prevent it from happening again. My only guess at this point is that they managed to hack into one of the sites associated with poker that I’m a member of, such as PokerSourceOnline or PokerSavvy, and found some information through there. Other than that, I’m pretty much drawing dead.
I guess this whole ordeal opened my eyes to the fact I need to start employing better account security in general. I actually came out of all this very lucky, as it could have been orders of magnitude worse.
If at that time, I didn’t happen to be in front of my computer, logged into PartyPoker, and have GMail Notifier, I may not have known that any of this even took place, because my account balance would have ended up being exactly the same, and I would have never seen the gift certificate email.
Also, there was nothing that stopped the hacker from being much more reckless with my money. PartyPoker’s policy on this is that since their system is secure, and that the breach occurred on my side, if the hacker had lost my money, there would be no eligibility of compensation. If the hacker had lost that US$200 hand of blackjack, or put my entire balance on the line and lost, I would have been completely shit out of luck.
Ironically, as it turns out, since the hacker actually WON US$200, and I acted quick enough to cancel the gift certificate he ordered, I get to keep that money.
This is definitely US$200 I could have done without.
| |
