Account hacking?...

[Richtree7]

A few nights ago at about 3 a.m. I was playing at an on-line casino when I began to have lots of trouble trying to remain connected to the casino. (staying connected to the internet was not the problem). I had to log back in to the casino 4 or 5 times. I finally gave up and thought...well maybe the casino is performing maintenance on their site. About 4 hours later I again logged back in to my account and found that the balance in my account, which was only about $26.00 when I logged out, had now disappeared. I now had a balance of about 39 cents. I then got the casino 'live help' on the line and asked them what happened to my balance. They stated "you played off your balance and even redeemed a $10.00 comp balance"....which I definitely had not done.
I am quite certain someone at the casino did not do this, but Who Did? I live in a condominium complex and was using my secure password wifi rotor at the time...but I am wondering if that is how an unscrupulous neighbor may have gotten into my account? Or, as the 'live help' operator stated.."maybe you have spyware on your computer and someone knows what you are typing into your keyboard" and thus gets my password...
Any computer savvy casinomeister members out there have any idea how this may have occurred?
Thanks for any help you may have.

[RobWin]

Does this Casino have a Name ??

[Richtree7]

Yukon Gold

[Casinomeister]

Yukon Gold

Since this is an MGS casino, get back with the support chat and ask them to check their logs. They should be able to identify whether it was you or not.

What games to you usually play? If your account is played by someone else, that person will normally play different games and have different playing patterns. You can post your player history here - it should be totally different when it was hacked.

[winbig]

I'm sorry to say, but simply enabling the security features on your router doesn't necessarily mean that it's 100% secure.

I suggest reading this article, and doing it...Steps for doing this to your specific router will be in the manual, or you may see it easily in the web admin interface.

Disabling broadcasting of your SSID by your router is definitely the way to go. Basically, if a hacker doesn't see a network, they will have a much harder time trying to find it and hack it. The SSID is one key piece of evidence a hacker needs to even try to connect to your network. I also suggest changing the name of your network via the router. This may be a pain, as you'll need to change it on all computers connecting to that router, but it will ensure that a previous hacker can't get in by knowing the previous network name (SSID).

note: SSID is an acronym for Service Set Identifier. The SSID is a sequence of up to 32 letters or numbers that is the ID, or name, of a wireless local area network

Also, if you can get an exact date and time of when your balance at the casino was played off, you can check the time against your router logs, and it will show if someone you don't know was connected to your network at the time. Unfortunately, all you're going to get is a MAC address of the offending computer...if we were talking about thousands of dollars you could push the issue with law enforcement (if you weren't in the USA...lol), but for this low amount, I'd chalk it up as a lesson learned.

[vinylweatherman]

It's a security hole - I found it out quite by accident before I realised what I had done.

I was playing the Munchkin Monday tournament at the now EX Casino Action casinos, and then went to do some admin on the other PC. I realised I might have made a mistake in recording the amount I had deposited, so loged into the FLASH casino just to check playcheck. I got in, and was able to check playcheck. It was at this point that I realised that this should have been IMPOSSIBLE, as I then remembered that I also had this casino logged on at the other PC with Munchkins on 0.45 autoplay.
I went to check, and sure enough, by logging into FLASH, I had booted my other session off the server. It seems that instead of generating an "already logged in" error, logging into an MG casino that is already in use simply boots the current session in favour of the new.
The symptoms that the OP experienced are consistent with this being a "war" between him and this "hacker", as his attempts to reconnect would have booted the hacker, and vice versa.

Clearly though, it would be necessary for this hacker to have access to both the account number and password, easily done by accessing the registry of the host machine via a compromised wireless network. It may also be possible if the breach allowed the remote execution of code on the host machine, but running the session display elsewhere.

This password should be considered compromised, and possibly ALL casino passwords on that machine.These should ALL be changed RIGHT NOW, and efforts made to secure the wireless network against this.
The machine then needs to be swept thoroughly for malware, and if found, the passwords should be all changed a second time once the machine has been fully cleaned up (in case the malware has been used to obtain these also).
Knowing the account numbers is less of a problem, certainly some casinos think so, as they publish the full account number of prizewinners, rather than just the outer characters, as well as first name and initial of surname.


MG casinos should NOT allow a newer session to boot off an existing session, it should be that an existing session should prevent the creation of a new session, and it should be up to support to log out a "stuck" session after verifying the details of the customer. Sessions that end up "stuck" should also have a default timeout, so that an open session does not sit vulnerably on the casino server if the local client machine loses the ability to establish contact.

[bb28]

It's a security hole - I found it out quite by accident before I realised what I had done.

The symptoms that the OP experienced are consistent with this being a "war" between him and this "hacker", as his attempts to reconnect would have booted the hacker, and vice versa.

Clearly though, it would be necessary for this hacker to have access to both the account number and password, easily done by accessing the registry of the host machine via a compromised wireless network. It may also be possible if the breach allowed the remote execution of code on the host machine, but running the session display elsewhere.

This password should be considered compromised, and possibly ALL casino passwords on that machine.These should ALL be changed RIGHT NOW, and efforts made to secure the wireless network against this.
The machine then needs to be swept thoroughly for malware, and if found, the passwords should be all changed a second time once the machine has been fully cleaned up (in case the malware has been used to obtain these also).
Knowing the account numbers is less of a problem, certainly some casinos think so, as they publish the full account number of prizewinners, rather than just the outer characters, as well as first name and initial of surname.


MG casinos should NOT allow a newer session to boot off an existing session, it should be that an existing session should prevent the creation of a new session, and it should be up to support to log out a "stuck" session after verifying the details of the customer. Sessions that end up "stuck" should also have a default timeout, so that an open session does not sit vulnerably on the casino server if the local client machine loses the ability to establish contact.

Excellent Advice! I would immediately unplug it from the internet and get it checked by a proper security computer consultant. If it is malware (trojan = malware). It's very likely that any and all passwords you have on your computer, any debit card, credit card info, maybe your SS #, and the list goes on are comprimised. If it has been, you should monitor your CC statements, your credit reports, ect.
It most likely did not come from your router setup probably a website you visited, a program you downloaded or an email you opened are the usual suspects. Having a secure router is only part of protecting yourself from malware.

[Richtree7]

in touch with 'live help' and they say Risk Management will have to get back to me...so am waiting for now. In the mean time I have disconnected my router and connected directly to my broadband cable. Haven't seen any other indications of anything wrong with other accounts....yet! Thanks for your suggestions.

[jas2587]

you could check your playcheck records
an see what was in fact played


Good luck
Cindy

[bb28]

in touch with 'live help' and they say Risk Management will have to get back to me...so am waiting for now. In the mean time I have disconnected my router and connected directly to my broadband cable. Haven't seen any other indications of anything wrong with other accounts....yet! Thanks for your suggestions.

My earlier post was misunderstood it seems. I didn't recommend disconnecting from your router, what I suggested to you was completely disconnect from the internet until your machine has been checked and you are positive that it's clean be it malware or of the possibility that you've been hacked. The router does offer you some protection from hackers unless it has been compromised, although routers offer no protection from malware that you might have gotten from the methods I mentioned above. If you have been compromised it is most likely malware, not your router being hacked.
If you have found that someone else in fact was playing on your account then you should take that very seriously and get your machine unplugged and checked right away. If someone stole your casino log in, it's highly likely that anything and everything else you had on your machine is also compromised. I don't mean to frighten you but some trojans. (malware) are key-logging, password stealing, spam sending.........in other words.......very bad stuff.