Page 1 of 2 12 LastLast
Results 1 to 20 of 35

Thread: Major (and ongoing) Venmo hack is targeting accounts of big name poker pros

  1. #1
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887

    Major (and ongoing) Venmo hack is targeting accounts of big name poker pros

    https://twitter.com/RealKidPoker/status/1331475856359735299

    https://twitter.com/Erik_Seidel/status/1331329401611542529


    So obviously this isn't a coincidence. Seidel and Negreanu were clearly targeted due to being prominent (and assumed wealthy) poker pros.

    But how did it happen? Could be in a variety of ways, which I'll list from most likely to least likely:

    1) Phishing attack: Often scammers will send fake e-mails from PayPal or Venmo, with a link to "login" to resolve a phony problem. Then the victims enter their login info, which is promptly stolen by the criminals. Then they are given some kind of non-threatening screen stating that the problem has been resolved (or something else making them forget that anything notable happened), and the thieves go to town.

    2) Stolen password from previous hack: Negreanu and Seidel perhaps used the same e-mail/password combo on Venmo as they have on other sites which were previously hacked, thus allowing those same hackers (or ones who viewed a data dump of those hacks) to get this info.

    3) Social engineering attack: Venmo customer support was convinced by the criminals to allow access to Negreanu and Seidel's accounts (in separate phone calls or e-mails).

    4) Email compromise: Their e-mail was accessed in some way by the criminals (usually by phishing, but sometimes other ways), and this allowed their password to be reset (and the notification of it being reset deleted).

    5) Keylogger attack: These guys used a computer at some point -- perhaps their own, perhaps someone else's -- which logged their key presses, and the criminals obtained their Venmo password this way.

    6) Insider attack: Someone at Venmo enabled access to these accounts by criminal friends.

    7) Exploit/hacking of Venmo: Someone has a way to exploit Venmo itself to break into accounts.



    Here are my tips to prevent yourself from becoming a victim:

    1) You gotta keep 'em separated! Always use separate passwords for different sites, even if they vary by only a little.

    2) Don't click links. Never click on links from payment services in e-mail. Always go to the URL directly.

    3) Don't hold a balance on Venmo or PayPal. Always cash it out. This is protection against both hacking and unfair confiscation. Any money stolen through your bank can be recovered fairly easily. Any money stolen directly out of your Venmo/PayPal balance can be very difficult to recover, and you have zero power in the situation.

    4) Use a different e-mail for these services than you normally use for regular correspondences with people.

    5) Lock 'em up! Set up maximum security, such as two-layer verification before payments are allowed.

  2. #2
    Platinum Jayjami's Avatar
    Reputation
    1023
    Join Date
    Feb 2014
    Location
    California
    Posts
    3,663
    Load Metric
    85267887
    Quote Originally Posted by Dan Druff View Post
    1) You gotta keep 'em separated!

    “You’re under 18 you won’t be doing any time” might be the best line ever.

     
    Comments
      
      Sanlmar: You’re under 18 you won’t be doing any time. Indeed
      
      Sludge: It’s hard to believe this great song is already 27 years old.

  3. #3
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887
    They got Vanessa Selbst, too. They also hacked her wife.

    Apparently this is either an inside job, or someone found an exploit in Venmo. All three victims are reporting that Venmo Support is virtually ignoring them, so you really should get your entire balance off Venmo NOW.

    Vanessa actually provided the first view into the process the hacker is using.

    https://twitter.com/RealKidPoker/status/1331703745848098817

    https://twitter.com/VanessaSelbst/status/1331705520118501384

    https://twitter.com/VanessaSelbst/status/1331779209258274817

    https://twitter.com/VanessaSelbst/status/1331781546722942976

    https://twitter.com/VanessaSelbst/status/1331789456446255105


    So it appears that the hackings occur by sending a request for money to someone, which then opens up some kind of security vulnerability. It also looks like they can target anyone they want. Once they got access to Vanessa's account, they noticed she sent her balance to her wife, so the hackers then grabbed her wife's account.

    This looks like it's probably impossible to stop. While I believed that perhaps Seidel and Negreanu were tricked by a phishing trick, it's hard to believe that Vanessa's wife was nailed by phishing right after Vanessa's account got compromised. You'd think Vanessa would be too suspicious at that point to allow this to happen.

    She did make a mistake by transferring the money to her wife, instead of initiating a cashout. She might have been worried that the cashout would be too slow, and might be able to be cancelled. But if you're that worried hackers are going to get into your account, then sending the money to your wife isn't going to help, since the hackers will see where the money went, and get it anyway (and that's exactly what happened).

    What a mess.

    In the 2000s, "Steve Da Pimp", a former NWP user, had some way to take over AOL e-mail accounts at will. Using this method, he hijacked lots of high profile online poker accounts. He also tricked people into BS money transfers between sites once he had access to these e-mails (and poker accounts). For example, he'd be on Full Tilt as John Juanda (one of his victims) and ask someone else, "Hey, can you send me $20k on Stars for $20k here", and people would send, believing it to actually be Juanda.

    Steve was never caught for this. I actually had the FBI investigating him, but it ultimately didn't go anywhere. Steve ended up in prison for awhile for an unrelated crime.

  4. #4
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887
    Also, for the moment, it is wise to unlink all bank accounts and credit cards from Venmo (unless you're in the process of cashing out).

    Then you're untouchable.

  5. #5
    Cubic Zirconia
    Reputation
    22
    Join Date
    Feb 2014
    Location
    vegas
    Posts
    45
    Load Metric
    85267887
    an Uber ride? wonder if he is smart enough to realize that it would be very easy to report him to the police. u would have all the evidence of 2 known locations of where he was, in which case video might be available of who he is. why hasnt Todd suggested this yet? maybe im the only one capable of realizing it, since he isnt autistic like me.

  6. #6
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887
    Quote Originally Posted by sevencard2003 View Post
    an Uber ride? wonder if he is smart enough to realize that it would be very easy to report him to the police. u would have all the evidence of 2 known locations of where he was, in which case video might be available of who he is. why hasnt Todd suggested this yet? maybe im the only one capable of realizing it, since he isnt autistic like me.
    People already suggested this on Twitter. It's not clear what Daniel did with this information.

  7. #7
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887
    A Twitter user reported to me that they got a warning from Chrome that their "saved passwords" to caesars.com and one other Caesars site was "compromised due to a data breach", and advised changing them.

    I wonder if the passwords used on caesars.com by Daniel, Erik, and Vanessa were the same as their Venmo passwords. But how would that explain Vanessa's wife? And why would that weird request for money always need to precede the hacking? Probably unrelated, but still worth noting.

  8. #8
    Gold Shizzmoney's Avatar
    Reputation
    457
    Join Date
    Mar 2012
    Posts
    2,453
    Blog Entries
    1
    Load Metric
    85267887
    LOL @ leaving 15K in your venmo account
    http://www.miraclecovers.com

    "Donk down, that’s what you say to someone after they have lost 28K straight?" - Phil Hellmuth, online

  9. #9
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887

     
    Comments
      
      shoeshine box: what shuck to have a Venmo acct still Mike...duh.

  10. #10
    Gold Cerveza Fria's Avatar
    Reputation
    483
    Join Date
    May 2015
    Location
    South Florida
    Posts
    1,912
    Load Metric
    85267887
    Quote Originally Posted by Dan Druff View Post
    Also, for the moment, it is wise to unlink all bank accounts and credit cards from Venmo (unless you're in the process of cashing out).

    Then you're untouchable.

    Unless someone inside your bank (an employee) that knows the history and usual activity of the accounts transfers money out of your account into another. It's happened to me..twice.

  11. #11

  12. #12
    Cubic Zirconia
    Reputation
    16
    Join Date
    Mar 2015
    Posts
    48
    Load Metric
    85267887
    With Venmo just go into settings and enable FaceID or thumb ID and problem is solved. But don't click on any stupid links in emails from fake paypal support, fake facebook support etc. Always type in the URL yourself if you need to login never use from email or a text.

  13. #13
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887
    Unfortunately, Face/Thumb ID stuff may not stop this.

    I am fairly certain that this is some kind of backdoor hack by either a Venmo insider or someone who has breached their system. I'm guessing it's the latter, because it seems this hack requires a request to be sent for money to the potential victim, meaning that obviously has to be part of the vulnerability.

    My guess is that this allows the hacker to bypass all of Venmo's security measures. Really bad.

  14. #14
    Silver
    Reputation
    140
    Join Date
    May 2013
    Posts
    876
    Load Metric
    85267887
    Quote Originally Posted by Dan Druff View Post
    Unfortunately, Face/Thumb ID stuff may not stop this.

    I am fairly certain that this is some kind of backdoor hack by either a Venmo insider or someone who has breached their system. I'm guessing it's the latter, because it seems this hack requires a request to be sent for money to the potential victim, meaning that obviously has to be part of the vulnerability.

    My guess is that this allows the hacker to bypass all of Venmo's security measures. Really bad.
    Is it still happening? This is a pretty big deal for which we never got an explanation.

    Obviously, Venmo is never going to acknowledge it's their fault, but WTF?

  15. #15
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887
    Quote Originally Posted by Sidewinder View Post
    Quote Originally Posted by Dan Druff View Post
    Unfortunately, Face/Thumb ID stuff may not stop this.

    I am fairly certain that this is some kind of backdoor hack by either a Venmo insider or someone who has breached their system. I'm guessing it's the latter, because it seems this hack requires a request to be sent for money to the potential victim, meaning that obviously has to be part of the vulnerability.

    My guess is that this allows the hacker to bypass all of Venmo's security measures. Really bad.
    Is it still happening? This is a pretty big deal for which we never got an explanation.

    Obviously, Venmo is never going to acknowledge it's their fault, but WTF?
    Looks like it is. Bonomo got hit twice -- once in November, and once in January, according to those tweets.

    I can't imagine anything has changed, unless Venmo fixed it and stayed silent about it.

  16. #16
    Silver
    Reputation
    140
    Join Date
    May 2013
    Posts
    876
    Load Metric
    85267887
    Quote Originally Posted by Dan Druff View Post
    Quote Originally Posted by Sidewinder View Post

    Is it still happening? This is a pretty big deal for which we never got an explanation.

    Obviously, Venmo is never going to acknowledge it's their fault, but WTF?
    Looks like it is. Bonomo got hit twice -- once in November, and once in January, according to those tweets.

    I can't imagine anything has changed, unless Venmo fixed it and stayed silent about it.
    If it's some sort of inside job then non-poker players should have experienced the same thing....

    In your opinion - is moving the $$ out of ur Venmo enough or should the account be disabled altogether?

    Is it only woke, nut-low politically confused poker players or what? Where are all the maga poker players with hacked Venmo accounts...

    edit: nvm i see Mike M. got it too.. so strange...
    Last edited by Sidewinder; 02-27-2021 at 05:25 PM.

  17. #17
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887
    Quote Originally Posted by Sidewinder View Post
    Quote Originally Posted by Dan Druff View Post

    Looks like it is. Bonomo got hit twice -- once in November, and once in January, according to those tweets.

    I can't imagine anything has changed, unless Venmo fixed it and stayed silent about it.
    If it's some sort of inside job then non-poker players should have experienced the same thing....

    In your opinion - is moving the $$ out of ur Venmo enough or should the account be disabled altogether?

    Is it only woke, nut-low politically confused poker players or what? Where are all the maga poker players with hacked Venmo accounts...

    edit: nvm i see Mike M. got it too.. so strange...
    Clearly the person doing it is a fan of poker, and realizes that those are the accounts likely to have big $ sitting in them.

    Who else typically would? Even really rich people don't just leave tens of thousands sitting around in Venmo.

    There might be other victims outside of poker, but we have no way to hear about it.

  18. #18
    Platinum JeffDime's Avatar
    Reputation
    1506
    Join Date
    Apr 2020
    Location
    Brick City, USA
    Posts
    2,804
    Load Metric
    85267887

    Wink

    God forbid Bonomo actually has something to worry about other than his white privilege.

  19. #19
    Silver
    Reputation
    140
    Join Date
    May 2013
    Posts
    876
    Load Metric
    85267887
    Quote Originally Posted by Dan Druff View Post
    Quote Originally Posted by Sidewinder View Post

    If it's some sort of inside job then non-poker players should have experienced the same thing....

    In your opinion - is moving the $$ out of ur Venmo enough or should the account be disabled altogether?

    Is it only woke, nut-low politically confused poker players or what? Where are all the maga poker players with hacked Venmo accounts...

    edit: nvm i see Mike M. got it too.. so strange...
    Clearly the person doing it is a fan of poker, and realizes that those are the accounts likely to have big $ sitting in them.

    Who else typically would? Even really rich people don't just leave tens of thousands sitting around in Venmo.

    There might be other victims outside of poker, but we have no way to hear about it.
    It's possible the hacker can't scan the entire Venmo system for large balances but can try specific people.

    I know people that aren't poker/twiiter famous with 5 figures in their Venmo since pre-covid all the up and until now and nothing has happened.

  20. #20
    Owner Dan Druff's Avatar
    Reputation
    10492
    Join Date
    Mar 2012
    Posts
    56,203
    Blog Entries
    2
    Load Metric
    85267887
    Quote Originally Posted by Sidewinder View Post
    Quote Originally Posted by Dan Druff View Post

    Clearly the person doing it is a fan of poker, and realizes that those are the accounts likely to have big $ sitting in them.

    Who else typically would? Even really rich people don't just leave tens of thousands sitting around in Venmo.

    There might be other victims outside of poker, but we have no way to hear about it.
    It's possible the hacker can't scan the entire Venmo system for large balances but can try specific people.

    I know people that aren't poker/twiiter famous with 5 figures in their Venmo since pre-covid all the up and until now and nothing has happened.
    Honestly if you asked me to name a non-poker-player (anyone, whether I know them personally or not), who has 5 figures in their Venmo right now, I'd be pressed to come up with a name.

    But yeah I'm guessing they can't scan for balances, but rather have to take shots at whomever they think has $.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Venmo now shutting down accounts receiving big $ / used for gambling
    By Dan Druff in forum Poker Community Discussion
    Replies: 4
    Last Post: 11-25-2020, 08:38 PM
  2. SrslySirius vs. Daniel Negreanu
    By Dan Druff in forum Flying Stupidity
    Replies: 76
    Last Post: 07-30-2020, 11:04 PM
  3. Replies: 23
    Last Post: 07-20-2020, 02:08 PM
  4. Negreanu Twitter hacked LOL
    By NaturalBornHustler in forum Flying Stupidity
    Replies: 3
    Last Post: 04-01-2016, 01:09 PM
  5. An evening with Erik Seidel
    By Dan Druff in forum Flying Stupidity
    Replies: 8
    Last Post: 06-24-2014, 08:07 AM