So heads up ,i was hacked over the weekend and only new casinos ive used are 3dice and vegascrest

Savatage79

Senior Member
PABaccred
PABnononaccred2
So I woke up today to one of my accounts being 3k overdrawn , and I went to see that it was paypal Mastercard debits which is the card I've had to use at some places. Now my casinos over the last 4 to 5 years have been bovada, Ignition, sloto, uptown and inetbet. Never had a single issue in all these years .

Now I doubt it was 3dice but the brokering sfuff Is new to me,im not sure if someone is able to snag a debit Mastercard from that or what.

Direct usage was at vegascrest, again I guess I just dont see how it could be stolen while putting in a deposit but I am sure there are ways. Would it he most likely someone at a casino that has access to people's cards?

I don't know all I know is those were the 2 newest casinos breaking the norm for me and here I am...so just a heads up for anyone that may frequent them a bit, maybe change your info,passwords etc... i just wish i had an idea of how it could've happened or where
 
Last edited:
Like has anyone ever heard of someone getting hacked when trying to use payment portals on casinos?

That's the only thing I can think of. But I tend to not think it was an outside of casino coincidence...i mean im still gonna play at 3dice as Like I said doubt it happened from there but its new in my rotation so that's why it all weirds me out a bit, and why I mention if it did happen from there to just be careful but like i said I highly doubt it.

I haven't opened any weird emails or anything, thats the only things I can associate with the debit mastercard they used
 
Sorry to hear that.

In the states do you have the chargeback option?

In the U.K. should you have money taken wrongly it works perfectly to get those funds back.
 
Yea it should work fine ,i just get worried as I've heard some horror stories before...like my paypal debits are all 35 to 50 bucks, months of 35 to 50 debits and then boom for 1 hour from 3am to 4am my account gets exploded with thousands of dollars.

I'm not to worried about getting it fixed but I guess I'm bummed because I don't know where it may have occurred snd I was excited to get hitting some games in Vegascrest casino, and it all couldve just been one massive misfortunate happening...but it made me a little gunshy now .

I just know I have stuck to my regular casinos and it would figure the month I veer off a bit boom, hacked
 
I know a couple of people who have had issues getting their PayPal hacked. One of them had it done by someone in America. God knows why PayPal let that one through as he lives in England. I highly doubt it was anything to do with the casinos you have used. More likely your email address has been sold on by a shady company along with your password.

As soon as I heard of these stories I set up 2 factor authentication on my PayPal account.
 
I know a couple of people who have had issues getting their PayPal hacked. One of them had it done by someone in America. God knows why PayPal let that one through as he lives in England. I highly doubt it was anything to do with the casinos you have used. More likely your email address has been sold on by a shady company along with your password.

As soon as I heard of these stories I set up 2 factor authentication on my PayPal account.

I am glad you mentioned that as soon as I read this thread I did the same :)
 
This is G translation, no time to correct it, on my way to work...


Visa has issued a warning about the new Baka electronic skimmer (at Group-IB we traditionally call this malware - JS sniffers). Payment system experts found Baka in several international online stores at once. The virus was added to the checkout page using a special script. At the same time, the "malware" is almost impossible to catch - after the "operation" is completed, it is automatically removed from the resource page.

"Now JS sniffers are one of the fastest growing threats to the e-commerce market in the world," says RG Viktor Okorokov, Group-IB Threat Intelligence specialist. "In less than a year and a half since the release of the first Group-IB study devoted to On this topic, the number of unique families of such malicious code discovered by Group-IB experts has more than doubled: today there are already 96 of them. " In his opinion, JS sniffers have finally replaced banking Trojans. "Since the end of 2019, criminal groups using such software have become the main suppliers of text databases of bank cards for sales on specialized hacker forums - kartshops."

The recommendations are:

Since it is almost impossible for ordinary users to determine that the official website of an online store is infected with JS sniffers, in order to minimize losses, we recommend using a virtual card with limited limits, and the card itself must be linked to a separate account.

Online business owners are recommended to regularly conduct express audits of their websites, and once a year - more in-depth studies of the security of Internet resources. All this does not negate the regular updating of the software for the CMS site by the site owners.

You do not have permission to view link Log in or register now.
 
Last edited:
I know a couple of people who have had issues getting their PayPal hacked. One of them had it done by someone in America. God knows why PayPal let that one through as he lives in England. I highly doubt it was anything to do with the casinos you have used. More likely your email address has been sold on by a shady company along with your password.

As soon as I heard of these stories I set up 2 factor authentication on my PayPal account.

You're most likely right ,but here's the thing...see the way I view it if they hacked my paypal account they would've had access to all my cards associated with it so I'd have seen charges elsewhere. Hacking paypal doesn't give them my paypal debit card number, know what i mean? The form of charging they used was the paypal debif Mastercard which like i said the only new place I have used it directly was Vegascrest.

Thats main reason why I'm just slightly weirded out , it just seems to big of a coincidence is all.
 
Are you able to determine whether the transactions were done through paypal itself or through the card? Presumably paypal should be able to tell though I don't know whether or not it would be easy to figure out that info.

So if wasn't through paypal itself, then that's probably just a normal credit card info theft. So anyone that had access to your credit card info at some point could theoretically have stolen it, not necessarily going to be easy to track it down. I don't know exactly how casino payment processing from a technical point is done, but there's a good chance when you use a credit card your info is being passed both through the casino itself and then onto a payment processor.

Between those two, I would be more likely to suspect the payment processor but you never know for sure. Online casinos sometimes have to change payment processors for whatever reason, they stop working, go rogue, get caught up in legal trouble, whatever. So you might end up with you card being sent to multiple payment processors over time even if you use just one casino.

There were some posts on the poker forum 2+2 maybe a few months ago that bovada group seemed to be having problems with their payment processors - something like they were taking money out people's accounts but reporting to bovada that the transactions were somehow later declined/charged back/etc and causing problems for some people. I think it was in response to this that bovada accelerated a lot of its bitcoin promotion stuff. So just saying it's possible that a processor like this just held onto your and a bunch of other people's credit card info for a while, and a few months starting either using or selling that information, so there could be some chance it was a result of bovada/ignition payment processors.

Of course you should also consider the possibility that you've somehow had your computer compromised with a keylogger or other software, just to make sure you're covering the bases. If you only used the card with your phone though, phones are usually pretty safe/everything is kept separate but who knows. Could even have possibly been compromised in person if you use the card at stores/ATMs.

So unfortunately it might be tough to really be sure who is actually responsible for the credit card info being stolen. Though online casinos are obviously going to be at the top of the suspect list.
 
Well that's the thing the physical card used never leaves this house, i only use it for deposits as it then pulls from my bank account since some places are finicky. That's why its a bit more narrowed down as to where it was used, its just the worst feeling in general because its a pain in the ass .
 
I know a couple of people who have had issues getting their PayPal hacked. One of them had it done by someone in America. God knows why PayPal let that one through as he lives in England. I highly doubt it was anything to do with the casinos you have used. More likely your email address has been sold on by a shady company along with your password.

As soon as I heard of these stories I set up 2-factor authentication on my PayPal account.

Today, carders bypass the 2-factor authentication easily. If you want to use Paypal and be sure that your money is safe - get two bank accounts and keep it on the one which is not linked to your Paypal.

In case you want to make a deposit in an online casino or purchase anything online using Paypal then transfer from your main bank account some money into the one that is linked to your Paypal.

If you received casino winnings or payment for your service or say your friend transferred you some money into Paypal; perform a reverse action - Paypal → your bank account that is linked to it → your main bank account.

To add more security on top, important is to have strong different passwords and memorable info for each of the accounts. Plus mandatory - a separate email address and a phone number for your main bank account. A password for the email address must be totally unrelated to others and not used anywhere else.

A lot of people think Paypal is the oldest and the safest, but in reality, it is very vulnerable and in general, it is the 1st thing that gets emptied out by carders.
 
Today, carders bypass the 2-factor authentication easily. If you want to use Paypal and be sure that your money is safe - get two bank accounts and keep it on the one which is not linked to your Paypal.

In case you want to make a deposit in an online casino or purchase anything online using Paypal then transfer from your main bank account some money into the one that is linked to your Paypal.

If you received casino winnings or payment for your service or say your friend transferred you some money into Paypal; perform a reverse action - Paypal → your bank account that is linked to it → your main bank account.

To add more security on top, important is to have strong different passwords and memorable info for each of the accounts. Plus mandatory - a separate email address and a phone number for your main bank account. A password for the email address must be totally unrelated to others and not used anywhere else.

A lot of people think Paypal is the oldest and the safest, but in reality, it is very vulnerable and in general, it is the 1st thing that gets emptied out by carders.
I thought 2fa was safe as PayPal have to send a unique 6 digit code to my mobile number?

I know someone tried (and failed) to get in once as I got the 2fa code sent to me.
 
I don't know exactly what methods they use to gain an access to this code but I'm sure they change a phone number and the code gets sent somewhere else. Once they get the access, often they open one more Paypal account making a real user totally unaware.

For informational purposes, I can try to dig some info out from private cybersecurity chats on Telegram.
But I guess if I find anything that worth to share here it will be semi-outdated as ones try to close the hole but others always find something new, and it goes around again and again.
 
Well, here is a very classic one; infection with malware by downloading malicious apps from the play store, iTunes or with the help of social engineering - making a victim open some file.
The file can look very unsuspicious like even a png image!

Once a victim's phone is infected the malware intercepts SMS messages and re-directs them to an attacker.

P.S Forgot to add that malware also can be installed in the repair shops or on a second-hand phone.
 
Last edited:
2 of my cards were (attempted) used in fraudulent purchases lately and while I play on both 3Dice and Vegas Crest, I only use the cards on Vegas Crest. Wonder if they have weak security or their processor is dirty.
 
Not sure but that's why I think it has something to do with them, it just feels like to big of a coincidence.
 
As i have never had this happen to me BUT heard of it happening to others especially in the United States. I would contact the casinos you also should see where each charge originated on a computer print out so they are easy to track and dispute. IF they were the casinos processors you should reach out to the rep IF they are legit on here and have them conduct an investigation. There are some SHADDY processors out there.
 
Today, carders bypass the 2-factor authentication easily. If you want to use Paypal and be sure that your money is safe - get two bank accounts and keep it on the one which is not linked to your Paypal.

In case you want to make a deposit in an online casino or purchase anything online using Paypal then transfer from your main bank account some money into the one that is linked to your Paypal.

If you received casino winnings or payment for your service or say your friend transferred you some money into Paypal; perform a reverse action - Paypal → your bank account that is linked to it → your main bank account.

To add more security on top, important is to have strong different passwords and memorable info for each of the accounts. Plus mandatory - a separate email address and a phone number for your main bank account. A password for the email address must be totally unrelated to others and not used anywhere else.

A lot of people think Paypal is the oldest and the safest, but in reality, it is very vulnerable and in general, it is the 1st thing that gets emptied out by carders.

Paypal is safe and have a quarantee, a long time ago whey first started someone hacked my facebook page and got into my paypal through a workaround. Luckily i had 2 factor authentification enabled and it hit my cell phone but i didnt know about it till next day cause i was sleeping but they blocked it and passwords reset and fixed. Love paypal
 
FWIW, Out of the blue, I had 2 notification emails from Sloto on failed login attempts the last few months. One was dated Aug. 2. I haven't played online in 8 years. Any cards I ever used have long been replaced anyway.
 
Paypal is safe and have a quarantee, a long time ago whey first started someone hacked my facebook page and got into my paypal through a workaround. Luckily i had 2 factor authentification enabled and it hit my cell phone but i didnt know about it till next day cause i was sleeping but they blocked it and passwords reset and fixed. Love paypal

From one hand PayPal is safe, easy to use and very convenient. And this is the main reason why many users like it (including myself). And yes, if money gets stolen PayPal will return it. Carders know that very well and that's why reckon they steal from PayPal but not from users.

For carder sometimes is enough to have only an email address or even a potential victims image to eventually gain access to their full personal information.

Have you ever searched on Google for anything related to you? :D

There are thousands of people in the world who leave their personal data on the internet. The prime example is social network accounts where people simply register with their real data and leave their contact information accessible to all.

Carders usually buy custom build software from hackers which enables them to perform different things, like for example finding a bank that you bank with or e-wallets connected to you by only knowing your phone number, email or some piece of information about yourself.

Besides, there are also countless personal data on the dark web available.

And not everyone is smart enough to realise that they are being tricked by
You do not have permission to view link Log in or register now.
which can last a very long time.

Not everyone uses a smartphone with the latest version on it.

Not everyone reads all reviews on Play Store or iTunes before installing any apps. While many others download and install different shit from untrusted sources.

And of course, not everyone knows what 2-factor authenticator is.

And as I said earlier, the smartphone can be infected by receiving even a simple PNG image which victim downloads in order to view on his smartphone. As a rule, it's spyware which will be silently sitting there and copying everything including logs, cookies, passwords etc. and sending to the attacker.

Once all info is collected the attacker downloads logs/cookies to his phone and logs for example into Paypal.

Paypal will think it is a genuine user, and in case there is 2FA, a real user won't see the unique code as it will be sent to the attacker (seems like when you got hacked they didn't have your logs and that's why Paypal blocked them).

That's said enough I think!

By the way, this is quite old info which comes from cybersecurity expert. What they do nowadays, I guess is very advanced.
 
From one hand PayPal is safe, easy to use and very convenient. And this is the main reason why many users like it (including myself). And yes, if money gets stolen PayPal will return it. Carders know that very well and that's why reckon they steal from PayPal but not from users.

For carder sometimes is enough to have only an email address or even a potential victims image to eventually gain access to their full personal information.

Have you ever searched on Google for anything related to you? :D

There are thousands of people in the world who leave their personal data on the internet. The prime example is social network accounts where people simply register with their real data and leave their contact information accessible to all.

Carders usually buy custom build software from hackers which enables them to perform different things, like for example finding a bank that you bank with or e-wallets connected to you by only knowing your phone number, email or some piece of information about yourself.

Besides, there are also countless personal data on the dark web available.

And not everyone is smart enough to realise that they are being tricked by
You do not have permission to view link Log in or register now.
which can last a very long time.

Not everyone uses a smartphone with the latest version on it.

Not everyone reads all reviews on Play Store or iTunes before installing any apps. While many others download and install different shit from untrusted sources.

And of course, not everyone knows what 2-factor authenticator is.

And as I said earlier, the smartphone can be infected by receiving even a simple PNG image which victim downloads in order to view on his smartphone. As a rule, it's spyware which will be silently sitting there and copying everything including logs, cookies, passwords etc. and sending to the attacker.

Once all info is collected the attacker downloads logs/cookies to his phone and logs for example into Paypal.

Paypal will think it is a genuine user, and in case there is 2FA, a real user won't see the unique code as it will be sent to the attacker (seems like when you got hacked they didn't have your logs and that's why Paypal blocked them).

That's said enough I think!

By the way, this is quite old info which comes from cybersecurity expert. What they do nowadays, I guess is very advanced.
I just email people and pretend im a Nigerian Prince.
People fall for it every time.
;)
 
So I woke up today to one of my accounts being 3k overdrawn , and I went to see that it was paypal Mastercard debits which is the card I've had to use at some places. Now my casinos over the last 4 to 5 years have been bovada, Ignition, sloto, uptown and inetbet. Never had a single issue in all these years .

Now I doubt it was 3dice but the brokering sfuff Is new to me,im not sure if someone is able to snag a debit Mastercard from that or what.

Direct usage was at vegascrest, again I guess I just dont see how it could be stolen while putting in a deposit but I am sure there are ways. Would it he most likely someone at a casino that has access to people's cards?

I don't know all I know is those were the 2 newest casinos breaking the norm for me and here I am...so just a heads up for anyone that may frequent them a bit, maybe change your info,passwords etc... i just wish i had an idea of how it could've happened or where

I was hacked a while back. It is not 3dice for sure. Brokering has nothing to do with that. unless you opened a strange email.

I had issues with Bovada last year and someone was doing chargebacks against bovada using my cards. I sent them all my documents and proved it wasn't me. But I would be careful at Bovada. I think they may have had security issues in the past and this is why they are trying to push BITCOIN only accounts. I know for a fact they had issues because there were tons of people having the chargebacks issues. It was all over twitter.

So I would check all your Bovada stuff very carefully. I also had someone steal my credit card info and use it shortly after playing at Casinomax.

Some of these sites used shady third party processors.

Especially when it's a voucher system.

Just some thoughts.
 

Users who are viewing this thread

Meister Ratings

Back
Top