A similar discussion was posted on the moneysavingexpert.com forum a while back; my reply was thus:
http://forums.moneysavingexpert.com/sho ... st41213258
All this security at the users' end is not going to help if the problem is in fact a result of Betfair's own lack of security:
- Betfair's login system works on bare-bones HTTP, so your username and password could be intercepted anywhere from your PC to Betfair's servers. This includes unscrupulous employees at any ISP. You can try to force a HTTPS connection (by prepending the URL with https://), but this seems to break Betfair's site, and it also has a convenient habit of switching back to standard HTTP whenever it gets the chance.
- Are users' passwords being sent in plain text across Betfair's network, so that an unscrupulous employee could sniff them out?
- Are Betfair encrypting their database passwords? If not, anyone with access to the database will be able to view all users' credentials.
We can change our passwords daily, and all of the above will still be an issue. I think the fact that Betfair's site doesn't work via HTTPS is enough proof that they don't take security seriously enough. I believe that there's quite a strong possibility that it is not any fault of the OP that this money has been taken.
They're holding people's money like a bank, so they should really have security like a bank. Like I said in my quoted post above, HTTPS would be a great start, and I've no idea why this isn't already implemented!
I log in to Facebook using a HTTPS connection, and I have no payment details stored on there! I just don't want people intercepting my personal messages... (for those in doubt, packet sniffing of transferred data is far easier than you might think)
Until Betfair make changes (this won't happen), then I suggest that anyone who logs in via an unsecured Wi-Fi network first connects to a VPN. If you don't, all of your unsecured passwords transferred to and from the Internet (Betfair, etc.) are a free-for-all for anyone in the vicinity armed with wireless sniffing software.
On another note, in your Betfair IP history, all IPs with the pattern 10.*.*.* are Betfair's internal IPs. In theory, seeing these in your history should pose no problem; unless of course, there's an unscrupulous Betfair employee at work...
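As an added example (not code from the post, and nothing to do with Betfair's own systems), here is a defender-side audit of the two complaints above: a login form that posts credentials over bare HTTP, and a site that sends an HTTPS login back to plain HTTP. It runs over a constructed proxy-log excerpt with made-up hostnames; the `audit_record` and `audit_log` names are my own.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample proxy log: one JSON record per request/response pair.
# Hostnames, paths and values are made up for the example.
SAMPLE_LOG = """
{"method": "GET", "url": "https://www.example-exchange.test/login", "status": 302, "location": "http://www.example-exchange.test/login"}
{"method": "POST", "url": "http://www.example-exchange.test/login", "status": 200, "body": "username=alice&password=hunter2"}
{"method": "POST", "url": "https://www.example-exchange.test/api/bet", "status": 200, "body": "market=123&stake=5"}
{"method": "GET", "url": "http://www.example-exchange.test/static/logo.png", "status": 200}
"""

# Form field names that should never travel over an unencrypted connection.
SECRET_FIELDS = {"password", "passwd", "pwd", "pin"}


def audit_record(rec):
    """Return a list of (finding, url, detail) tuples for one log record."""
    findings = []
    scheme = urlsplit(rec["url"]).scheme
    # 1. Credentials posted over bare HTTP: readable anywhere on the path.
    if rec.get("method") == "POST" and scheme == "http":
        fields = set(parse_qs(rec.get("body", ""), keep_blank_values=True))
        leaked = sorted(fields & SECRET_FIELDS)
        if leaked:
            findings.append(("CLEARTEXT_CREDENTIALS", rec["url"], ",".join(leaked)))
    # 2. HTTPS -> HTTP downgrade: the server redirects a secure request back
    #    to plain HTTP, so forcing https:// in the address bar does not help.
    loc = rec.get("location")
    if scheme == "https" and loc and urlsplit(loc).scheme == "http":
        findings.append(("HTTPS_DOWNGRADE", rec["url"], loc))
    return findings


def audit_log(text):
    """Audit every JSON line in a proxy log and collect the findings."""
    findings = []
    for line in text.strip().splitlines():
        findings.extend(audit_record(json.loads(line)))
    return findings


if __name__ == "__main__":
    for kind, url, detail in audit_log(SAMPLE_LOG):
        print(f"{kind}: {url} ({detail})")
```

The static image fetched over HTTP and the bet placed over HTTPS produce no findings; only the downgrade redirect and the cleartext login are reported.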