MoneyBookers account hacked and emptied...

KasinoKing

WebMeister & Slotaholic..
webmeister
PABnononaccred2
CAG
MM
Joined
Aug 25, 2004
Location
Bexhill on sea, England
Got a very nasty surprise this-morning; a series of e-mails about withdrawals from my MB account which weren't by me! :mad:
Turns out my account was hacked.

Doubly annoying because I just withdrew €250 from a casino in the early hours which hit my account at 1:37am... and the thief started stealing all my money at 1:58am.
He/she made 14 small-ish withdrawals over the next 5 hours until my whole balance was gone :(

Hopefully MB can recover the funds - but I don't know what the chances are...?

KK
 
Please post a email where your money gone.
 
Ohhhhh no that sucks! I sure hope they can recover the funds, we need to have some faith that if there is something shady going on, they'll fix it and make it right! So sorry this happened, fingers crossed it works out ok for you KK!
 
Sorry this has happened to you KK. It seems that the bigger ewallets for Non US players are being targeted by fraudsters. You with Moneybookers and last month Nifty29 with Neteller. You would think there would be better "security" in place so these things can't happen.
 
Any idea how it got hacked? Did they use a password cracker? Did you use your MB account at some of the more skankier casinos? :p

Have you heard anything yet from MB?
 
14 withdrawals in 5 hours? Seems hard to believe that MB would allow such a thing.

Where was the money sent? Didn't it have to go directly to your Bank Account?
And if the thief changed bank account wouldn't MB have to verify it with you?

As a very outstanding memner of the forum here KK, I do beleive what you said, but then if those are ther facts MB really sucks I am suire it has to be an error. It can't be that easy Will wait to hear VNW's comment

Hope all turns out well KK
 
normally mb should recover the funds or if they cant pay it back to your acount as i assume its obvious these charges wasnt made by kk.

i hope it turns out good, thing the only help is mb customer support @ this moment.


cheers

coxwel
 
If this can happen to an experienced player and affiliate such as KK, it is a REAL threat to ALL of us, even those of us who think we are wise enough to prevent ourselves falling victim.

It would be VERY useful to find out how this was done, and how all of us can shut down the exploit before we also fall victim.

I have often thought MB to be less secure because it is simply an email address & password login, and the former is freely available with little effort so would be vulnerable to a password cracker.

Neteller uses an account number for login, along with a secure code and password.

It is possible to generate a deposit on a merchant site with the account number and secure code only, but all three are needed to log in to the Neteller account itself, and make P2P transfers.

I note the thief targeted the early morning hours, which would give them the best chance of not getting interrupted.

The eWallets should add some extra layers of security, maybe an additional password that is ONLY used to authorise P2P transactions, and not typed in otherwise (thus harder to get hold of with a keylogger).

The banks no longer ask for the whole password, instead you have to give 3 random characters, and entered with the mouse from a drop down list - a defence against keyloggers.

Apart from this, we are legally protected from loss through fraud from our banks and cards, but there is NO such legal protection when it comes to Neteller or Moneybookers. If the eWallet isn't able to recover the money, that's just tough on the victim.
 
Sorry to hear that KK. :( Hope the story gets a happy ending.

I hate to shut the gate after the horse has bolted so to speak, but as a tip for other moneybookers users who fear this may happen to them - they use something like cryptocard (
You do not have permission to view link Log in or register now.
) now, and for a one-off payment of €15 they send you a little key chain which generates a one off, unique password for every time you log in. The thing lasts as long as it's battery does... normally a couple of years.
 
I often use Liqpay for my payments and can login only with my cell phone.

My username is my phone number. New password is generating every time I try to login and I receive it by SMS (password is expired in few minutes). So, the only way I see someone can steal money is to steal my phone first.
 
Sorry to hear that KK. :( Hope the story gets a happy ending.

I hate to shut the gate after the horse has bolted so to speak, but as a tip for other moneybookers users who fear this may happen to them - they use something like cryptocard (
You do not have permission to view link Log in or register now.
) now, and for a one-off payment of €15 they send you a little key chain which generates a one off, unique password for every time you log in. The thing lasts as long as it's battery does... normally a couple of years.

Given how freely available "key generators" are to create software license keys, credit card numbers, etc are over the internet, the weakness is that eventually someone will work out a way to generate these "keys", and mimic the keyfob.

We have had many security solutions that we were told are "100% guaranteed", but which have quickly been compromised by the crooks. Chip & Pin is the most recent, 100% reliable said the banks - it was hacked in a matter of MONTHS:mad: Chip & Pin is STILL being compromised on a regular basis because of weaknesses in the system as a whole. The latest is substitution of a genuine card reader with a "cracked" one, often right under the noses of the shop staff.
 
Most of these ewallets have pretty solid security so it's very concerning they're able to be hacked, especially when those of us who understand Internet security are the victims.

I had my Click2Pay account hacked before, a system that requires an account number, a secure code and my highly secure password which is reserved only for financial based websites...it turned out to be an inside job, hundreds of accounts were hit and I got the money back after pulling a few strings, but you just need to be very careful who you sign up with. I've since closed all ewallets and wouldn't touch any of them again, my trust has been broken unfortunately!
 
Passwords

It might be a bit 'off topic' but I have done a lot of stuff on the Internet over the years and got fed up with writing down my passwords (as some companies don't let you choose your own one.) and then spending time to search for the right password etc... Which can be annoying in particular if you use casino's without download options!
There is a password manager called roboform.
A cool looking, sunglass wearing guy. But this little software is A.I. and generates random, distinct, and secure passwords to protect important private information to mitigate hacker attacks. Old / Expired Link


(There is even a portable version available which you can carry around with you, so that you can access your data etc without using your own computer.)

The only downside is that roboform has only one singular password which you will need to activate it. But once lost it can –NEVER- be retrieved again!!

However, I find this a small price to pay in compare with the nightmare of having a few hundred passwords or worrying about if my account is in danger of getting hacked or not.:eek:
Plus, he is very friendly to all 'hacker-and spy ware' and I never had a singular problem since I’ve been using it, which is 3 years or so…

You do not have permission to view link Log in or register now.


I think everyone who is aware of hackers (and/or has various accounts) and as far as I can remember the basic version is for free. And I used it to test how good it is (until I eneded up using too many accounts and passwords-lol) then I bought the upgrade.

You do not have permission to view link Log in or register now.


Karen


P.S. I know that every 'thing' can be hacked-but roboform is even being used by the US government and it certainly will give any hacker a hard time...And please note that this is not spam. There is no affiliate link or anything-except a great help in protecting accounts from getting hacked.

If this can happen to an experienced player and affiliate such as KK, it is a REAL threat to ALL of us, even those of us who think we are wise enough to prevent ourselves falling victim.

It would be VERY useful to find out how this was done, and how all of us can shut down the exploit before we also fall victim.

I have often thought MB to be less secure because it is simply an email address & password login, and the former is freely available with little effort so would be vulnerable to a password cracker.

Neteller uses an account number for login, along with a secure code and password.

It is possible to generate a deposit on a merchant site with the account number and secure code only, but all three are needed to log in to the Neteller account itself, and make P2P transfers.

I note the thief targeted the early morning hours, which would give them the best chance of not getting interrupted.

The eWallets should add some extra layers of security, maybe an additional password that is ONLY used to authorise P2P transactions, and not typed in otherwise (thus harder to get hold of with a keylogger).

The banks no longer ask for the whole password, instead you have to give 3 random characters, and entered with the mouse from a drop down list - a defence against keyloggers.

Apart from this, we are legally protected from loss through fraud from our banks and cards, but there is NO such legal protection when it comes to Neteller or Moneybookers. If the eWallet isn't able to recover the money, that's just tough on the victim.
 
Last edited:
Most of these ewallets have pretty solid security so it's very concerning they're able to be hacked, especially when those of us who understand Internet security are the victims.

I had my Click2Pay account hacked before, a system that requires an account number, a secure code and my highly secure password which is reserved only for financial based websites...it turned out to be an inside job, hundreds of accounts were hit and I got the money back after pulling a few strings, but you just need to be very careful who you sign up with. I've since closed all ewallets and wouldn't touch any of them again, my trust has been broken unfortunately!


This shows that their security was not up to standard. Customer passwords should be stored in a non-retrievable format to prevent the "inside job" scenario where account details are stolen directly from the server, and then able to be used to log in to accounts and steal from them.
 
WOW.

This is just awful.

I'm really hoping that somebody who has been or is involved here at CM isn't doing this, as my Neteller account was hacked 4 weeks ago and my Paypal was hacked late last year.

On the subject of Neteller - they are a disgrace and I will never use them again.

I have sent no less than 10 emails in 4 weeks to their investigations department and the ONLY answer I received was "We are looking into the matter and will contact you soon" which was 2 weeks after the fact.

Worse than that, when I call I am unable to speak with investigations as "they have to initiate the call" but nobody ever calls.

Some guy called me 3 days ago from neteller and was going to help me setup a new security code via the website etc, but he couldn't go ahead because the investigation rep changed the account email back to my OLD one that I used when it was hacked (which I closed down) and he couldn't verify if it was me or the hacker that did it!! Talk about inept.

I asked the guy who called about what happened and how they got my info etc etc, and he couldn't tell me anything as he was from a different department.

So here I am a month later not knowing a single thing about how $6k turned up in my account. In fact, it was ME who contacted Bwin.com about the fraud and they subsequently located the transaction and reversed it....they hadn't even heard from Neteller at all!!

I'm really pissed about the whole situation because Neteller don't seem to give a gnat's chuff about how someone hacked one of their 'secure' accounts and certainly don't care about their VIPs.

Now I'm back to credit cards and MB (although I'm worried about that now as well :eek: )

Anyway, didn't mean to derail but thought I would share my experience as it is kinda relevant and wanted to show how badly I've been treated.

Hope they get your money back KK!!

P.S. Has anyone else tried this RoboForm thing? They have a special on for $9.99 for the first year at the moment which seems well worth it IMO.
 
Any idea how it got hacked? Did they use a password cracker? Did you use your MB account at some of the more skankier casinos? :p

Have you heard anything yet from MB?
I've no idea how it happened.
I don't know anything about "password crackers" - how do they work? :confused:
My password was definitely not obvious - no-one could ever guess it.
And no, definitely no dodgy casinos for me! ;)

I spoke to them on the phone straight away and I had to change my password & e-mails on the account - closing the door after the horse has bolted... :(
I guess it might be a day or two before I hear the final outcome. I don't know - this hasn't happened to me before.


14 withdrawals in 5 hours? Seems hard to believe that MB would allow such a thing.

Where was the money sent? Didn't it have to go directly to your Bank Account?
And if the thief changed bank account wouldn't MB have to verify it with you?
It didn't go to a bank account - it's either gone direct to another MB member, or to a dodgy looking Russian casino; the e-mail it went to was rushplaynv @ googlemail.com.
There is a casino at rushplay.com - but because it's a Google e-mail it might not be anything to do with them. Who knows?

KK
 
I've no idea how it happened.
I don't know anything about "password crackers" - how do they work? :confused:
My password was definitely not obvious - no-one could ever guess it.
And no, definitely no dodgy casinos for me!

This might be worth your time to read.
You do not have permission to view link Log in or register now.

They even have a top ten list of the 'best' password crackers, some are even freeware... :(

The most secure passwords are long and use numbers, upper and lower case letters... You know the ones that are impossible to remember...

Those password remembering programs are great... till a file gets corrupted and your password program is useless and you don't know any of your passwords... Been there, done that.... and it is no frickin fun trying to reopen all your accounts without your passwords...
 
I would also strongly suggest you to check your PC for possible trojans and other spyware. Seems like your password was sniffed with some virus/spyware and sent to hacker.
 
I agree with slotmonster.
The most likely way they got your mb password is by having a spy program in your computer.

Password crackers don't work well on sites that have any kind of security.

I just went thru hell, with my pc after that virus that was on the ppa website got into my machine, still not 100% sure it's gone.
 
Hope you get this sorted KK :(

On the subject -
I have both MB and NT accounts. Can someone use them to fund money from my actual bank account (as I can), and then steal the cash? Or would they also need to somehow (highly unlikely) hack my "Verified by Visa" security as well?
 
I am so sorry to hear this KK! And frightening! :eek:

What bothers me about these hacks, is so many times the ewallet/bank, etc. won't tell you HOW it happened. But users need to know the 'how' to prevent it happening again. If it's an inside job, you may never know what happened.

Use several different malware scanners to see if you've picked up malware somewhere. One or two different ones is not enough. Spybot S&D is one good one I always keep on hand. Download them to a little flash drive and run from there in safe mode. Also change passwords on ALL your email accounts, as there may be a chance one was hacked and account info gleaned from email(s).

If you've allowed others to use your computer, there's no telling what they might have clicked on or picked up in a drive-by install and you never know it.

Good luck and please let us know what you find out.
 
That really sucks KK.
Hope MoneyBookers sorts all this out for you.
& I hope you find out who did this to you.
And nail them good.
~T~
 
That's sucks KK :rolleyes:

Sounds to me like you have a trojan horse on your computer or something and the crooks have logged your typing or something like that. I would guess it would be highly unlikely or even impossible to bruteforce\crack a password on the Moneybookers server as your account gets closed after a few tries.

Run a antivirus check and a spyware check asap!
 
Sorry to hear about that kk,been the victim myself and am sure it was a someone working at a bookmakers site as happened a few hours after i deposited there. They had somehow managed to see or guess my verified by visa password as well as take my debit card details and cleaned me out. They bought a plasma tv, paid bills and even gave a £20 donation to CHARITY,the irony of it!

But they werent very bright left a trail and got caught,I did get my money back eventually. I tend to now use paypal to transfer money and its well protected as it basically run by ebay!,but not a lot of casinos use this method unfortunately. Tends to be more the U.K ones.
 

Users who are viewing this thread

Meister Ratings

Back
Top