WARNING - Betfair account hacked / fraud

News, chat and debate about the Betfair betting exchange.
Post Reply
User avatar
Euler
Posts: 24815
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

LeTiss 4pm wrote:user error, how does that work then?
Similar to what 'washly' has said. Would worry me if it cut off while you were logged in. I've only experianced it before I have logged in.

Basically you have username 'username01' but somebody has a similar name and mistypes it a few times. Then you suddenly can't get into your account.
Top
User avatar
walshy
Posts: 207
Joined: Fri May 29, 2009 12:05 am

The fact that I was logged in and trading is why I was so angry at the time, as obviously it could have led to a big loss .

I can understand the issue with "username01" and with hindsight i wouldnt have picked a similar name.

It has only happened the once though!
Top
User avatar
aperson
Posts: 206
Joined: Thu Feb 07, 2013 5:23 pm

I've just noticed in the "my security" part of my betfair account that you can now set up 2 step authentication, whereby you need your smartphone with you in order to access your account.I pressume this solves a lot of the issues mentioned in this thread? Sorry if this is old news but I've only just noticed it!
Top
User avatar
Euler
Posts: 24815
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

We put a new buld of Bet Angel on the site this week that is compatiable with two step authentication. So if you are thinking of using this, long overdue but welcome, security feature. Please ensure you download the very latest version of Bet Angel.
Top
spreadbetting
Posts: 3140
Joined: Sun Jan 31, 2010 8:06 pm

Just saw a post about it on the bf forum, a welcome addition indeed. Have you tried adding the code to the end of the password in the existing app and seeing if6 that works as the say, Euler?
Top
User avatar
aperson
Posts: 206
Joined: Thu Feb 07, 2013 5:23 pm

Thanks Euler, that answers my next question which was going to be how would it work in relation to BA.
Top
followthatcamel
Posts: 73
Joined: Thu Apr 16, 2009 12:54 am

V 1.34.1 only seems to accept 2 step process if using connection mode 0, modes 1 and 13 return message stating unable to connect to betfair with user name, password supplied? Is this a BA or betfair issue?

I run a second version of BA under mode 1 as part of contingency set up to cover any API issues and never had this problem prior to using the google 2 step process.

Any suggestions welcome.

Regards
Doug
Top
Bet Angel
Bet Angel
Bet Angel
Posts: 4001
Joined: Tue Apr 14, 2009 3:47 pm

We'll have a look at that. It worked with mode 1 when betfair first enabled 2 step security, but maybe they've changed something in the last 24 hrs.
Top
Bet Angel
Bet Angel
Bet Angel
Posts: 4001
Joined: Tue Apr 14, 2009 3:47 pm

We can confirm that 2 step authentication isn't working with connection modes 1 & 13 anymore, but it looks like we'll be able to modify the non-API login process to get it working again.
We plan to issue a new build in the next few days.

Connection mode 0 is unaffected.
Top
andyfuller
Posts: 4619
Joined: Wed Mar 25, 2009 12:23 pm

Just had an email this morning from another vendor that I used to use that is basically saying that a vendor/befair had a security breach a while back where usernames and passwords were compromised.

Could this have been the cause of all the trouble people had on this thread?

If so surely either the vendor or Betfair are liable for any losses?

It didn't say who the vendor was, but I am sure it wouldn't be too hard to figure out and also would be interesting to see if it was a common link between those who were 'hacked'.
Top
User avatar
Euler
Posts: 24815
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

Hopefully two step authentication will eliminate any funny business every occurring again. Not sure that there is any reason to capture your password? We don't know it and I thought Betfair strictly prohibited it?
Top
User avatar
Ethanol
Posts: 148
Joined: Thu Jun 09, 2011 9:09 am

andyfuller wrote:Just had an email this morning from another vendor that I used to use that is basically saying that a vendor/befair had a security breach a while back where usernames and passwords were compromised.

Could this have been the cause of all the trouble people had on this thread?
Why does a vendor need to store user passwords within their database? In terms of security, these should be stored locally, on a user's device. A concerning practice, if this is the case.

It does seem probable; although I'm still not convinced that Betfair's security is up to much and could just as easily be the source. To conclude that a third party is at fault, we would need these people to recall every website/application which they've ever logged-in with. Assuming these people are not long gone - any takers?
Top
andyfuller
Posts: 4619
Joined: Wed Mar 25, 2009 12:23 pm

Which ever vendor it was, has it been said they were storing passwords?

As Peter said I didn't think that was allowed by any vendor as Betfair strictly forbid it.
Top
hgodden
Posts: 1759
Joined: Thu Apr 16, 2009 2:13 pm

I had my account hacked and have never used the vendor in question. Tbh I can't remember the name of it but I remember that it is very much a niche product that most people wont have used.

I've been told that betfair still have people's accounts being hacked into (could be from several sources) so vigilance is the watchword!
Top
User avatar
Ethanol
Posts: 148
Joined: Thu Jun 09, 2011 9:09 am

andyfuller wrote:Which ever vendor it was, has it been said they were storing passwords?
Other than deliberately storing the details, the only two other scenarios I could envisage would be that passwords were being deliberately sniffed at some point during the communication process from client to vendor (but this still doesn't explain why the vendor needed the passwords), or that their application contained some form of malware (not necessarily of their own doing) which sent these details to a third party.
Top
Post Reply

Return to “Betfair exchange”