Question Weird hacked experience

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
Last Thursday, I received a call from Red Flush and was asked, do you know you have a balance in your account? (Haven't played there for almost one year). I asked how much was in there and they said $100. Nice! :)

So, I downloaded the casino and saw I actually had something like $120. I started to try and download some games, but before I could, got booted out (several times) and received a "Casino Error (0)" message. I tried logging in again and the balance showed over $200, a balance between the cash and bonus accounts. (Can't remember the ratio but something like $60 in the cash account, the balance in the bonus account). :confused: (Strange!) Before I could download any games, I got booted out again and received an email saying "password successfully changed", however I never changed my password! :what: (Stranger!)

I was on the phone with Support when the above happened... tried logging in again and got one of those casino error messages, i.e. the password was now incorrect. Support said they would contact Microgaming and would find out what was wrong. They reset the password so I could log in again and walked me through resetting the password, but I again got booted out before I could do so and again received the Error 0 message. They told me I could play on the flash site in the meantime, however I had to leave for an appointment and thought I would check it out when I got back.

When I arrived back home, I tried logging in again and now the balance was $41 (all in the bonus account)! :mad: Called Support and they told me what games "I had played", but of course I never played any game at all. (I live alone, so it was not possible that someone else had played from my computer).

They recommended I change the password, which I was then able to do. Asked them to check out the IP address from which the hacker had played and it brought them back to me. :( I assured them I had not played anything and asked them if it was possible for someone to set up a fake IP address? They said they would launch an investigation.

I didn't play any games once I was able to log in and not get booted out. Instead I uninstalled the casino while I wait for the results of their investigation.

I am wondering if this has ever happened to anyone and if this means my overall security on my computer has been compromised? I am not the most tech savvy person in the world, however I believe my firewall is intact and anti-virus program up to date. Any advice would be appreciated!

Thanks in advance! :notworthy
 

Simmo!

Paleo Meister (means really, really old)
Joined
May 29, 2004
Location
England
My immediate question would be:

Do you live in an apt block or within "earshot" of any other wireless routers?

I would scan your PC for Trojans and Keyloggers with a different antivirus program (AVG or Fsecure) to be sure.
 

Seventh777

RIP Roy
Joined
Sep 28, 2010
Location
Planet Tharg, dark side, where nothing grows.
What Simmo said, not many virus scanners will pick up keyloggers so I would d/l this - KL-Detector, Malwarebytes and HijackThis could come in handy here also, the few times I've had a virus etc. problem I scan using no less than 4 different scanners, you'd be surprised at how much one will miss something that another does not.

Anyways, gl with this ;).
 

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
Thanks to you both.
The weird thing is, it was by a phone call, not email that I was informed about this. As soon as I downloaded the casino, it was apparent that someone was already in playing.
I do live in a building and there are lots of apartments not far from my place, however my modem is hardwired to my ISP and I don't have WiFi set up on my computer.
I will try one of those programs you suggest and will let you know if I find anything.
Many thanks again! :)
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
I know one thing.

If you are already logged in to the casino, and then the account is logged into from elsewhere (correctly), your session will be booted and the newer login will take over. You can snatch it back by doing the same, but if there is malice, it is a race to see who manages to change the password and lock the other party out altogether.

Maybe someone had been using your account for some while, and stopped for a bit, hence the phonecall to you. When you logged in, you would have booted the hacker (if this is what was happening), and he would have been booted with casino error 0. He would naturally try to get right back in, and then you would get booted almost straight away. The hacker may have figured out what was happening, and quickly changed the password.

As well as worrying about the games you played at this point, find out what activity was going on for the past year when you were not playing. The easiest thing to check is "Cashcheck" to see if deposits and withdrawals had taken place. Next, check which deposit methods are listed - are they yours?

Had your own deposit methods been used, you would surely have noticed the charges.

To do this, a hacker would need only your account number and password. They would not need to hijack your internet connection, as they could have logged on from anywhere.

Unless your PC has a keylogger or other trojan, it is likely that someone you know has seen your account number and password, and used it or given it to someone.

It is also possible that it was done by hacking into your email account and seeing your account number in a promotional email, and then getting the password via the "forgotten your password" feature, which would use that same email account to give you either the password, or a link to reset it.
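
The login race described in this post, seen from the operator's side, as an added example that is not part of the original post or of any casino's software: it flags accounts where logins from different client identifiers keep displacing each other in a short burst and notes any password change in that burst. The event format, client identifiers, thresholds and sample log are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, account, event, source IP, client id).
# Every field name and value here is an assumption made for the example.
EVENTS = [
    ("2024-01-01T10:00:00", "acct-1001", "login", "203.0.113.10", "dev-B"),
    ("2024-01-01T10:02:10", "acct-1001", "login", "203.0.113.10", "dev-A"),
    ("2024-01-01T10:02:40", "acct-1001", "login", "203.0.113.10", "dev-B"),
    ("2024-01-01T10:03:30", "acct-1001", "login", "203.0.113.10", "dev-A"),
    ("2024-01-01T10:03:55", "acct-1001", "login", "203.0.113.10", "dev-B"),
    ("2024-01-01T10:04:20", "acct-1001", "password_change", "203.0.113.10", "dev-B"),
    ("2024-01-01T10:05:00", "acct-1001", "login_failed", "203.0.113.10", "dev-A"),
    ("2024-01-01T09:00:00", "acct-2002", "login", "198.51.100.4", "dev-C"),
    ("2024-01-01T09:05:00", "acct-2002", "password_change", "198.51.100.4", "dev-C"),
    ("2024-01-01T08:00:00", "acct-3003", "login", "192.0.2.77", "dev-D"),
    ("2024-01-01T08:30:00", "acct-3003", "login", "192.0.2.77", "dev-E"),
]

WINDOW = timedelta(minutes=15)  # assumed burst window
MIN_DISPLACEMENTS = 3           # assumed alert threshold


def find_session_races(events, window=WINDOW, min_displacements=MIN_DISPLACEMENTS):
    """Flag accounts whose single session is repeatedly taken over by a
    different client within `window`, and report password changes nearby."""
    by_account = defaultdict(list)
    for ts, account, kind, ip, device in events:
        by_account[account].append((datetime.fromisoformat(ts), kind, ip, device))

    alerts = []
    for account, rows in by_account.items():
        rows.sort(key=lambda r: r[0])
        holder = None        # client currently holding the one allowed session
        displacements = []   # (time, displaced client, new client)
        pw_changes = []      # (time, client that changed the password)
        for ts, kind, ip, device in rows:
            if kind == "login":
                if holder is not None and device != holder:
                    displacements.append((ts, holder, device))
                holder = device  # newest login takes over the session
            elif kind == "logout" and device == holder:
                holder = None
            elif kind == "password_change":
                pw_changes.append((ts, device))

        # Largest run of displacements that fits inside one window.
        best = []
        for i, (start, _, _) in enumerate(displacements):
            burst = [d for d in displacements[i:] if d[0] - start <= window]
            if len(burst) > len(best):
                best = burst
        if len(best) < min_displacements:
            continue

        first, last = best[0][0], best[-1][0]
        nearby_ips = {ip for ts, _, ip, _ in rows
                      if first - window <= ts <= last + window}
        alerts.append({
            "account": account,
            "displacements": len(best),
            "devices": sorted({d for _, old, new in best for d in (old, new)}),
            "password_changed_by": [dev for ts, dev in pw_changes
                                    if first <= ts <= last + window],
            # True when an IP check alone would see only one visitor.
            "single_ip": len(nearby_ips) == 1,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_session_races(EVENTS):
        print(alert)
```

In the constructed log both clients arrive from one IP address, so the check keys on the client identifier rather than the address.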
 

Seventh777

RIP Roy
Joined
Sep 28, 2010
Location
Planet Tharg, dark side, where nothing grows.
I know one thing.

If you are already logged in to the casino, and then the account is logged into from elsewhere (correctly), your session will be booted and the newer login will take over. You can snatch it back by doing the same, but if there is malice, it is a race to see who manages to change the password and lock the other party out altogether.

Maybe someone had been using your account for some while, and stopped for a bit, hence the phonecall to you. When you logged in, you would have booted the hacker (if this is what was happening), and he would have been booted with casino error 0. He would naturally try to get right back in, and then you would get booted almost straight away. The hacker may have figured out what was happening, and quickly changed the password.

As well as worrying about the games you played at this point, find out what activity was going on for the past year when you were not playing. The easiest thing to check is "Cashcheck" to see if deposits and withdrawals had taken place. Next, check which deposit methods are listed - are they yours?

Had your own deposit methods been used, you would surely have noticed the charges.

To do this, a hacker would need only your account number and password. They would not need to hijack your internet connection, as they could have logged on from anywhere.

Unless your PC has a keylogger or other trojan, it is likely that someone you know has seen your account number and password, and used it or given it to someone.

It is also possible that it was done by hacking into your email account and seeing your account number in a promotional email, and then getting the password via the "forgotten your password" feature, which would use that same email account to give you either the password, or a link to reset it.

As Trade knew nothing about the existing balance it's a fair bet that someone has been using his account and depositing and receiving bonuses, as you stated they were playing when Trade logged on, the differences in the account balance between his log-ins proves this.
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
As Trade knew nothing about the existing balance it's a fair bet that someone has been using his account and depositing and receiving bonuses, as you stated they were playing when Trade logged on, the differences in the account balance between his log-ins proves this.

It does seem a bit of a coincidence, as the casino would only call a player about a balance if they had stopped playing for a while and left it there. I wonder what happened about withdrawals, as these would have been far harder for a hacker to divert to their own account.
 

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
I know one thing.

If you are already logged in to the casino, and then the account is logged into from elsewhere (correctly), your session will be booted and the newer login will take over. You can snatch it back by doing the same, but if there is malice, it is a race to see who manages to change the password and lock the other party out altogether.

Yes, I think that is exactly what was happening in retrospect. It did not remotely occur to me at the time that that might be happening. I just thought it was a software glitch and Support too seemed surprised, but did not suggest someone else might be in there playing.

Maybe someone had been using your account for some while, and stopped for a bit, hence the phonecall to you.
As mentioned, I had not played there since last August. They asked me if I knew I had $$ in my account as mentioned. I figured it must have been a bonus from a long time ago and since I had not played for so long (I was swearing off most casinos at the time), I just thought it was "one of those things". No one except fellow Casinomeister members know I play on line (closet player :D ) and as mentioned, I live on my own and no one else has access to my computer.

When you logged in, you would have booted the hacker (if this is what was happening), and he would have been booted with casino error 0. He would naturally try to get right back in, and then you would get booted almost straight away. The hacker may have figured out what was happening, and quickly changed the password.
Agreed!

As well as worrying about the games you played at this point, find out what activity was going on for the past year when you were not playing. The easiest thing to check is "Cashcheck" to see if deposits and withdrawals had taken place. Next, check which deposit methods are listed - are they yours?

Had your own deposit methods been used, you would surely have noticed the charges.
I removed my credit card last year except for a pre-paid one, which doesn't have any funds on it. I don't use any other methods.

To do this, a hacker would need only your account number and password. They would not need to hijack your internet connection, as they could have logged on from anywhere.
That doesn't explain why Support traced the IP address back to me.
Unless your PC has a keylogger or other trojan, it is likely that someone you know has seen your account number and password, and used it or given it to someone.

It is also possible that it was done by hacking into your email account and seeing your account number in a promotional email, and then getting the password via the "forgotten your password" feature, which would use that same email account to give you either the password, or a link to reset it.

Maybe that's the case. As many of you know, a lot of casinos reset your password to a common one and then we are supposed to change it. That is what happened in this case, so I am guessing the hacker guessed the commonly given ones, got in and then changed my password before I could. Since I didn't know I was dealing with something like this (thought it was a software glitch), I wasn't worried about it and thought it would eventually be sorted out when I had time to deal with it.
 

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
My immediate question would be:

Do you live in an apt block or within "earshot" of any other wireless routers?

I would scan your PC for Trojans and Keyloggers with a different antivirus program (AVG or Fsecure) to be sure.

I downloaded AVG and ran a scan. No threats or viruses showing. I guess I will try one of those keylogger ones.
 

rockycatt

meistercatt
Joined
Oct 26, 2008
Location
Boston
I think it's tech error [how is someone going to make money] using a hacked login and if it were logged in at the same time by two different IPs security should shut the whole acct down for investigation

then there is the pay to who, what name, the account belongs to the OP and they got his addy and banking facts on record
doesn't make sense to me to be able to profit from this
enlighten me RC
 

chayton

aka LooHoo
webmeister
PABnonaccred
CAG
Joined
Jun 5, 2006
Location
Edmonton Canada
Trade, did you go check your transaction history and playcheck and see if there was account activity besides your own since August when you stopped playing? Theoretically playcheck will show logins even if nobody actually played anything.
 

Silencio

Dormant account
Joined
Jul 18, 2011
Location
Netherlands
I think it's tech error [how is someone going to make money] using a hacked login and if it were logged in at the same time by two different IPs security should shut the whole acct down for investigation

then there is the pay to who, what name, the account belongs to the OP and they got his addy and banking facts on record
doesn't make sense to me to be able to profit from this
enlighten me RC

I agree.. sounds more like a problem on their side.. Like accidentally 1 account number got used for 2 players or something.

And Trade, don't forget spyware. Spybot Search & Destroy, and SpywareGuard are great. Just don't install the Teatimer with spybot, it takes up a lot of memory.
You're probably using Windows, also important never to be logged in as administrator. So if you get hijacked they don't have full access without passwords.
 

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
I think it's tech error [how is someone going to make money] using a hacked login and if it were logged in at the same time by two different IPs security should shut the whole acct down for investigation

then there is the pay to who, what name, the account belongs to the OP and they got his addy and banking facts on record
doesn't make sense to me to be able to profit from this
enlighten me RC

I totally agree. Someone just spoiling my fun, without any way of benefiting in the long run. When Support ran through some of the games and bets with me, one a slots bet for over $100, which I assume would have gone against T & C's when there's a bonus in the account.
 

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
Trade, did you go check your transaction history and playcheck and see if there was account activity besides your own since August when you stopped playing? Theoretically playcheck will show logins even if nobody actually played anything.

Thanks Chayton. I didn't do anything other than change the password before I uninstalled the casino. I told them if anyone tries to log in between now and when the investigation is completed, it isn't me.
At first I was concerned that my CC info was in the banking section and they confirmed it wasn't. They also told me the last transaction was when I made a withdrawal last summer and I have not been back since.
 

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
I agree.. sounds more like a problem on their side.. Like accidentally 1 account number got used for 2 players or something.

And Trade, don't forget spyware. Spybot Search & Destroy, and SpywareGuard are great. Just don't install the Teatimer with spybot, it takes up a lot of memory.
You're probably using Windows, also important never to be logged in as administrator. So if you get hijacked they don't have full access without passwords.

I don't think there was an accident. The person playing booted me out several times and then changed the password. Again, I didn't clue into this until I logged in (after Support changed my password so I could get in again) and saw the balance was $41.

I don't know if I have ever logged in as administrator, but I ran AVG advanced tools and disabled that possibility when it was recommended I do so. Not sure how many more security programs I should run. I ran the KL Detector and the report showed all kinds of problematic files in the report. I was a bit concerned that I might start deleting files that I shouldn't and when I closed the report, it closed the program. Haven't figured out what I am supposed to do with that and anyway, running Malwarebytes.

Thanks again everyone. Stay tuned LOL! At least my computer is getting one helluva clean-up, apparently much needed!:(
 

Silencio

Dormant account
Joined
Jul 18, 2011
Location
Netherlands
I don't know if I have ever logged in as administrator, but I ran AVG advanced tools and disabled that possibility when it was recommended I do so.

You probably were logged in as administrator then. If you only have one account in Windows you are the administrator. You can have multiple accounts and only give 1 administrator rights, and use another one to do your daily business in. This way if you want to change something / install a program / or whatever, the system asks for a password.
 

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
So fellow members and awesome support people, I ran Malwarebytes, and have "malicious software" (around 39 files are "Pup.Casino.Gen") which I assume is associated with Microgaming?
I am just wondering about if these are false alarms...

Other files showing are:
Pup.Bundleinstaller.IB (File, 2 Registry Keys, 2 Memory Process)
Adware.Zwangi (Registry Key)
Any insight or clues? Should I remove them all?
Thank you, thank you!
:notworthy
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
So fellow members and awesome support people, I ran Malwarebytes, and have "malicious software" (around 39 files are "Pup.Casino.Gen") which I assume is associated with Microgaming?
I am just wondering about if these are false alarms...

Other files showing are:
Pup.Bundleinstaller.IB (File, 2 Registry Keys, 2 Memory Process)
Adware.Zwangi (Registry Key)
Any insight or clues? Should I remove them all?
Thank you, thank you!
:notworthy

The problem is that many casinos trigger false positives with many virus and malware scanners.

You could uninstall all casinos, and then freely delete these files and not worry that they are casino related. After the cleanup, you can reinstall the casinos, and when done, rerun the scanner to see if these suspicious files come back with the casinos, which would show they were false positives.

The hacked account theory is supported mainly by the fact that your balance kept changing even though you didn't make any bets. Further support comes from the CS agent who was able to give you a list of bets made recently, even though you had not made them.

Motive is a problem, as it seems nothing has been withdrawn since last August.

If this turns out to be merely a "tech issue", it's a DAMN SERIOUS one, and not one that MGS should sweep under the carpet with a bland "it's sorted now" just for your account.

You could also ask them to look beyond IP addresses and get the MAC addresses from the login. This will show which physical devices on your internet connection had been used, and you can then check whether these are your devices, or those of someone visiting and plugging theirs in. If you have only one device, all the MAC addresses should be the same as well as the IP addresses.
 

rockycatt

meistercatt
Joined
Oct 26, 2008
Location
Boston
I agree with VWM, I'd hate to build a sizeable balance after a couple of great runs and have this happen to a 10,000.00$ balance
 

Seventh777

RIP Roy
Joined
Sep 28, 2010
Location
Planet Tharg, dark side, where nothing grows.
What VWM said, the basic functions of any online security suite will have relative data stored per customer, these include - your browser, IP/MAC addresses, your OS, various other software, and the IDs of all your hardware, all hardware comes with its own unique ID number, these are the basics to aid casinos in flushing out multi account abusers.

They will know 1000% after investigating whether another PC was used and what area it came from, even if the user had camouflaged their IP via relayed proxy servers the hardware IDs cannot be disguised.

Did you download this [link]? It is of great importance that you run a keylogger detection scan, as like I stated previously 99.9999% of security software will not pick these up, also, download HijackThis and join the HijackThis forum, post the data log from HijackThis and the data log from KL-Detector here and a forum moderator will tell you if there are any nasties there.

Some viruses/worms/malware etc. will load just before Windows and do their damage then, HijackThis also boots up pre Windows loading and records every single programme loading, it will automatically block all known viruses etc.
 

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
What VWM said, the basic functions of any online security suite will have relative data stored per customer, these include - your browser, IP/MAC addresses, your OS, various other software, and the IDs of all your hardware, all hardware comes with its own unique ID number, these are the basics to aid casinos in flushing out multi account abusers.

They will know 1000% after investigating whether another PC was used and what area it came from, even if the user had camouflaged their IP via relayed proxy servers the hardware IDs cannot be disguised.

Did you download this [link]? It is of great importance that you run a keylogger detection scan, as like I stated previously 99.9999% of security software will not pick these up, also, download HijackThis and join the HijackThis forum, post the data log from HijackThis and the data log from KL-Detector here and a forum moderator will tell you if there are any nasties there.

Some viruses/worms/malware etc. will load just before Windows and do their damage then, HijackThis also boots up pre Windows loading and records every single programme loading, it will automatically block all known viruses etc.

Thanks Seventh. I ran the kl detector and not sure what to do next. Will send you a message.
 

trade

Senior Member
Joined
Jul 4, 2004
Location
ontario
A bit of an update...

The mystery as far as any explanation to me remains, although Red Flush/Microgaming might have answers. They ended up opening a new account for me where they deposited $150 (my original bonus plus $50 from a mailer) and locking the original one.

It's strange because they claimed to me that the reason I was seeing different amounts each time I logged in, was the bonus system was out of whack and the program was trying to correct itself. This was a contradiction of what they previously told me, since one of the times I called to Support, they rhymed off all the games played and bets made. I can only surmise that they didn't want to acknowledge a security breach or didn't want me to get worked up about my personal details being exposed. I mentioned that I wasn't satisfied with this explanation (which seemed more of a cover up more than anything) as I know without a doubt that someone was in there playing. I asked them to provide me with all the facts once they are revealed and haven't heard anything further. The $150 at 30X play through is long gone.

It was a nice gesture, to send me a bonus and all but I won't risk going back and playing my own money in future.

As far as trojans or keyloggers, I will have to research out more help on this when I have time. I am moving in 2 weeks after over 20 years in the same place, which means my plate is very full, purging, shredding and packing! I do have the AVG one running AND Microsoft Security Essentials (does anyone have an opinion on the Microsoft Security Essentials program? When I had my hard drive wiped clean and Windows reinstalled last fall, the tech guy said it was one of the better anti-virus programs.)

Before that I always had AVG. I know it's causing my computer to run badly with 2 programs going so I am wondering if I should just uninstall the MSE one. Malwarebytes is a little annoying as it's constantly blocking everything, including Google, so I usually just turn it off.

Thanks again for everyone's help and support! :notworthy :)
 