
Thread: Poker Tracker hacked - payment info has been exposed

  1. #1
    Dan Druff

    Poker Tracker hacked - payment info has been exposed

    Here is their statement:

    ---

    On August 8th, we were contacted by a potential customer and by Malwarebytes stating that PokerTracker.com website had been infected by a cross-site scripting (XSS) attack. Within an hour of receiving the email from Malwarebytes, we had determined that an old Drupal module which is no longer maintained contained a security vulnerability which allowed an attacker to inject an XSS attack into the footer of the PokerTracker.com website. We immediately disabled the module and the rogue script was no longer being injected.

    Within 24 hours of the email from Malwarebytes, we took several further security steps which included patching the Drupal module that was vulnerable and tightening up our Content Security Policy to only allow whitelisted scripts to be executed so that the same type of XSS attack would no longer be possible.

    In the days since the attack, we have been conducting a post mortem to determine the scope and severity of the attack so that we could contact those customers potentially affected. Here is what we have learned thus far:


    1. This was a highly customized and targeted attack of PokerTracker.com and its customers. The script was being loaded from ajaxclick.[com] which has not previously been seen in the wild.
    2. It appears that the attack took place between December 23, 2018 and January 2, 2019.
    3. We believe that the attackers were attempting to intercept credit card information while it was being sent from the user’s browser to the credit card processor. We do not have any information to confirm or deny whether the hackers were able to successfully intercept credit card and/or billing data.
    4. PokerTracker does not save or store any credit card or billing information on our servers. Only those customers who attempted to purchase via credit card while the rogue script was on the site are affected. We estimate that the number of affected customers is in the low thousands and we are in the process of notifying them.
    5. The PokerTracker 4 application and your data within PokerTracker 4 have never been compromised. PokerTracker 4 does load an internal browser for the community page which would have loaded the rogue script but it is not technically possible for the script to gain access to view your data within the PokerTracker application.
    6. We have no reason to believe that your PokerTracker.com username or password were intercepted; however, to be abundantly cautious we recommend changing your password.


    If you entered your credit card information on the PokerTracker.com website between the dates of December 23, 2018 and August 8, 2019 we will be contacting you to urge you to closely monitor your credit card activity for any fraudulent purchases. If you notice a fraudulent charge, please immediately contact the telephone number on the back of your credit card to notify them of the fraudulent activity.

    We regret that this incident has occurred and sincerely apologize that it has taken us three weeks to properly assess the scope and severity of the damage to notify potentially affected customers. This is the first time that we have had a major security incident and we have learned a lot during this process that we can improve upon.

    Best regards,

    Derek Charles

    ---


    Here is a report about this on a site called "bleeping computer": https://www.bleepingcomputer.com/new...ealing-script/


    If you paid for PokerTracker recently, don't panic. Your credit card may not ever be used. However, you should check your statements carefully going forward to make sure that fraudulent charges are not made on it. You can get all fraudulent charges easily reversed with zero liability on pretty much all credit cards.

    If you are too nervous about this occurring, you can always call your credit card company, claim you lost your card, and get a new one issued.
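
The statement quoted above says the fix included a Content Security Policy that only allows whitelisted scripts. As an added example (not part of the post and not PokerTracker's code), this Python check reports which script tags on a page such a `script-src` allowlist would refuse. The policy, hosts and HTML are constructed, and matching is simplified to exact origins (no wildcards, nonces or hashes).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed policy and page; the site's real policy is not given in the post.
POLICY = "default-src 'self'; script-src 'self' https://cdn.shop.example"
PAGE_ORIGIN = "https://shop.example"
PAGE_HTML = """
<html><body><form action="/checkout"><input name="card"></form>
<footer>
<script src="/js/site.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="https://injected.example/click.js"></script>
<script>document.title = "x"</script>
</footer></body></html>
"""

def script_sources(policy):
    """Return the source list of script-src, falling back to default-src."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # CSP uses the first occurrence of a repeated directive.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives.get("script-src", directives.get("default-src", []))

class ScriptCollector(HTMLParser):
    """Collect the src of every <script> tag (None for inline scripts)."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append(dict(attrs).get("src"))

def allowed(src, sources, page_origin):
    if src is None:  # inline script: needs 'unsafe-inline' in this simplified model
        return "'unsafe-inline'" in sources
    url = urlsplit(src)
    origin = f"{url.scheme}://{url.netloc}" if url.netloc else page_origin
    if origin == page_origin:
        return "'self'" in sources
    return origin in sources  # simplified: exact scheme+host match only

def blocked_scripts(html, policy, page_origin):
    """List the scripts in html that the policy would not allow to run."""
    collector = ScriptCollector()
    collector.feed(html)
    sources = script_sources(policy)
    return [s or "<inline>" for s in collector.scripts
            if not allowed(s, sources, page_origin)]
```

Running `blocked_scripts(PAGE_HTML, POLICY, PAGE_ORIGIN)` flags the footer script from the unlisted host and the inline script, while the same-origin and allowlisted CDN scripts pass.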

  2. #2
    simpdog
    This news brought to you by 2+2 and re-reported by Dan Druff

  3. #3
    sah_24
    Originally posted by simpdog:
        This news brought to you by 2+2 and re-reported by Dan Druff
    Actually tine posted about it before 2+2 ...

  4. #4
    Platinum
    Originally posted by sah_24:
        Originally posted by simpdog:
            This news brought to you by 2+2 and re-reported by Dan Druff
        Actually tine posted about it before 2+2 ...
    I remember when Micon was the only site owner who didn't read his own site.

     
    Comments
      
      sah_24: lol
    When faced with a difficult decision, ask yourself "What would Micon do?", then do the opposite.

    PFA Rookie of the Year Awards
    2012: The Templar (unknown)
    2013: Jasep $5000+
    2015: Micon's gofundme legal defense $3k begging for 100k:
    2018: 4Dragons
    2019: Dutch Boyd: Mike Postle
    2020: Covid19
    2021: SMIFlorida and some sort of shit coins for $50k
    2022: BDubs leaks chums club info
    2023: 22nd Feb 4th Dec Youtube channels removed
    2024: Dustin Morgan wins Chrissy's $1000 contest
