WARNING - Betfair account hacked / fraud

News, chat and debate about the Betfair betting exchange.
Post Reply
User avatar
to75ne
Posts: 2413
Joined: Wed Apr 22, 2009 5:37 pm

Just logged into ba and my account balance was zero. I have not traded since last monday and as I was not going to trade again till today, as usual I withdraw the bulk of the money and just left the odd amount (in this case 30 odd quid).

I was writing a spread sheet and tested it on the last couple of dog races last night swindon 21:40 ish and the next Romford race about 15 minutes later with £2 stakes. . sheet worked fine so logged out about 21:45 or so.

Logged into ba about 1 ish today and account balance zero.

Logged into betfair site account balance £0.22p

Betfair confirmed what my balance was when I logged out last night, and they say they my account balance was moved to their casino at 11.16 today (I have never been to betfair casino or placed a bet there).

My account as now been suspended whilst their fraud department look into this matter.

If anyone keeps large amounts in their account please consider withdrawing the bulk after every session and re-depositing at the start of their next session because if my account as been hacked/compromised, then I can only assume anyone’s can be. I change my password regularly and use a strong randomly generated one.

lucky I only left a small amount in there.
Talkbet
Posts: 67
Joined: Tue Apr 26, 2011 6:35 am

Ouch, sorry to hear that. Check your PC asap in case it has some logging software on it that has captured your BF username and password.

Keep us posted on the outcome. If you can still login (presumably you cant though), you can see the IP addresses of recent logins under My Account.
freddy
Posts: 1132
Joined: Sun Aug 01, 2010 8:22 pm

Im not really suprised to be honest
Betfair's security is still in the dark ages.

Needs to improve badly imo :(
hope betfair do the decent thing but i doubt it.
User avatar
Euler
Posts: 24701
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

I also think Betfair's security is a bit lax. I think you can exclude yourself from the casino and games though, so I suggest everybody do that as I guess most BA users are not daft enough to think they can get an edge on those parts of the Betfair site.
User avatar
to75ne
Posts: 2413
Joined: Wed Apr 22, 2009 5:37 pm

betfair got back about ½ an hour ago. they confirmed that my account was logged into from a different ip address than normal.

they/it placed bets in the order or 0.25p on various casino” games”.

they are still investigating so account still suspended and likely to be for a couple of days. they will reimburse my 35 quid or so as i have never used their casino (or any other for that matter) but, if it had been the normal exchange they would not have.

lucky really only a nose bleed, could have been a haemorrhage if i was not in the habit of emptying my account regularly.

i’ve run malebytes and hi jack this, and all seems to be ok. but im quite “nervous” about what may be lurking in the guts of my machine, so i have started moving important stuff onto dvd and intend to reformat the hard drive and reinstall windows, as i now have a couple of days free from trading, plus it will clear all of the junk its managed to collect.

i assumed that the casino was a separate entity from the exchange obviously i am wrong. when the betfair security fella rings back later today/tomorrow i will request my account is permanently excluded from the casino, thanks euler sound advice. and i hope everyone does the same.
User avatar
LeTiss
Posts: 5386
Joined: Fri May 08, 2009 6:04 pm

How do you exclude the Casino from your account?
I don't see any tick box option for this.

BF's security scares the pants off me!

I've just looked on my security section, it gives 3 different IP addresses for me logging on over the past 2 days. Not sure how that is, I've logged on from the same home address with the same laptop!
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

The security is pretty terrible.

Why can't Betfair require that withdrawls be confirmed by clicking on a link in an automated email?

That way, for a hacker to withdraw your funds, they'd also need to know your email password.

It's not rocket science... :?

Jeff
User avatar
to75ne
Posts: 2413
Joined: Wed Apr 22, 2009 5:37 pm

i have just reformatted and reinstalled windows. machine boots up in no time now, mind you i only have firefox loaded at the moment.

does anyone remember/know what version of netframework ba needs?

la tiss i suggest in the light of what happened to me, perhaps you should bring the 3 different ip addresses to befairs attention.

jeff, how would they deposit any money into an account other than mine? the one that i have registered. could that be possable?
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

Would it not simply be the case of registering a new card and withdrawing the funds to that card?

As they can log into your account, then they can find out your address, dob, etc, so it would be easy enough for them to ring up Betfair and pretend to be you if it's not possible for them to do it online.

Jeff

PS In light of the above, why not ring up Betfair and give them a telephone password, with instructions only to discuss your account with you in future when you've given them the password?
to75ne wrote: jeff, how would they deposit any money into an account other than mine? the one that i have registered. could that be possable?
User avatar
to75ne
Posts: 2413
Joined: Wed Apr 22, 2009 5:37 pm

jeff never thought of that. i only have one registered, cant remember how to register an account its been yaers since i joined and have used the same account from the begining. i suppose it would be quite straight forward. quite scary really.

think i will cahnge all my online passwords, email, amazon etc etc, just to be on the safe side, if thats possable :lol:
User avatar
to75ne
Posts: 2413
Joined: Wed Apr 22, 2009 5:37 pm

Ferru123 wrote:Would it not simply be the case of



Jeff

PS In light of the above, why not ring up Betfair and give them a telephone password, with instructions only to discuss your account with you in future when you've given them the password?
they already have security questions, which i have had to give the correct answers several times today, i would assume/hope thay would always go through the routine , ask the questions whether i ring them, they ring me, someone rings them pretending to me or they ring someone they assume to be me.
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

Can the answers to those questions be found within your account though?

Jeff
User avatar
to75ne
Posts: 2413
Joined: Wed Apr 22, 2009 5:37 pm

i dont think so jeff. but when the fraud people ring me back i will request a complete change of security questions and answers. thanks jeff good idea.
Iron
Posts: 6793
Joined: Fri Dec 11, 2009 10:51 pm

No worries Tony. Good luck in getting it sorted.

Jeff
hgodden
Posts: 1759
Joined: Thu Apr 16, 2009 2:13 pm

Excluding yourself from products you don't use is a great idea.

Just go to My Account, My Profile and click on the Edit Limits or Self Exclude link and follow from there.

It goes without saying I'm sure but make sure you read very carefully what you're agreeing to be excluded from and do it one thing at a time. On the main page there is the option which would exclude you from the entire site, not just the games etc, so be careful!
Post Reply

Return to “Betfair exchange”