MoneyBookers account hacked and emptied...

[KasinoKing]

Got a very nasty surprise this-morning; a series of e-mails about withdrawals from my MB account which weren't by me!
Turns out my account was hacked.

Doubly annoying because I just withdrew €250 from a casino in the early hours which hit my account at 1:37am... and the thief started stealing all my money at 1:58am.
He/she made 14 small-ish withdrawals over the next 5 hours until my whole balance was gone

Hopefully MB can recover the funds - but I don't know what the chances are...?

KK

[SlotMonster]

Please post a email where your money gone.

[jenn1381]

Ohhhhh no that sucks! I sure hope they can recover the funds, we need to have some faith that if there is something shady going on, they'll fix it and make it right! So sorry this happened, fingers crossed it works out ok for you KK!

[ksech]

Sorry this has happened to you KK. It seems that the bigger ewallets for Non US players are being targeted by fraudsters. You with Moneybookers and last month Nifty29 with Neteller. You would think there would be better "security" in place so these things can't happen.

[Casinomeister]

Any idea how it got hacked? Did they use a password cracker? Did you use your MB account at some of the more skankier casinos?

Have you heard anything yet from MB?

[Stovetopp]

14 withdrawals in 5 hours? Seems hard to believe that MB would allow such a thing.

Where was the money sent? Didn't it have to go directly to your Bank Account?
And if the thief changed bank account wouldn't MB have to verify it with you?

As a very outstanding memner of the forum here KK, I do beleive what you said, but then if those are ther facts MB really sucks I am suire it has to be an error. It can't be that easy Will wait to hear VNW's comment

Hope all turns out well KK

[coxwel]

normally mb should recover the funds or if they cant pay it back to your acount as i assume its obvious these charges wasnt made by kk.

i hope it turns out good, thing the only help is mb customer support @ this moment.


cheers

coxwel

[vinylweatherman]

If this can happen to an experienced player and affiliate such as KK, it is a REAL threat to ALL of us, even those of us who think we are wise enough to prevent ourselves falling victim.

It would be VERY useful to find out how this was done, and how all of us can shut down the exploit before we also fall victim.

I have often thought MB to be less secure because it is simply an email address & password login, and the former is freely available with little effort so would be vulnerable to a password cracker.

Neteller uses an account number for login, along with a secure code and password.

It is possible to generate a deposit on a merchant site with the account number and secure code only, but all three are needed to log in to the Neteller account itself, and make P2P transfers.

I note the thief targeted the early morning hours, which would give them the best chance of not getting interrupted.

The eWallets should add some extra layers of security, maybe an additional password that is ONLY used to authorise P2P transactions, and not typed in otherwise (thus harder to get hold of with a keylogger).

The banks no longer ask for the whole password, instead you have to give 3 random characters, and entered with the mouse from a drop down list - a defence against keyloggers.

Apart from this, we are legally protected from loss through fraud from our banks and cards, but there is NO such legal protection when it comes to Neteller or Moneybookers. If the eWallet isn't able to recover the money, that's just tough on the victim.

[PlexRep]

Sorry to hear that KK. Hope the story gets a happy ending.

I hate to shut the gate after the horse has bolted so to speak, but as a tip for other moneybookers users who fear this may happen to them - they use something like cryptocard (http://www.sourcesecurity.com/news/a...8-ga.4153.html) now, and for a one-off payment of €15 they send you a little key chain which generates a one off, unique password for every time you log in. The thing lasts as long as it's battery does... normally a couple of years.

[SlotMonster]

I often use Liqpay for my payments and can login only with my cell phone.

My username is my phone number. New password is generating every time I try to login and I receive it by SMS (password is expired in few minutes). So, the only way I see someone can steal money is to steal my phone first.