Several High-Stakes Poker Players Report Being Hacked
Several high-stakes poker players took to Twitter over the last couple days reporting that some of their accounts had been hacked. Vanessa Selbst, Vanessa Rousso, Cate Hall, and Dan Smith were some of the victims, with hackers gaining access to accounts ranging from cell phones to Twitter accounts.
Dan Smith was one of the first to bring the issue to light, and Tweeted his plight with a bit of humor reflecting his recent run at the PokerStars SCOOP.
According to poker pro Doug Polk, who released a YouTube video breaking down the situation, some victims have had hackers call their cell phone service providers posing as the account owner and getting the victims' service switched to a new phone – creating some unique opportunities to gain access to accounts.
"Now they have your phone number and can call or text whoever," Polk said via YouTube. "And you can think about a lot of accounts online that do verification through SMS. Let's say that I lost my password to some account and I wanted to have it recovered. They could say, 'We're texting your phone number the verification code to reset your password to one.' Well, if it send to your phone, but [the hackers] have your phone they can reset the account and you can see how they can get into a lot of accounts."
"I know other people who have been getting hacked, but just have not come forward publicly," Polk added.
Only a couple days ago, Rousso's Twitter account had apparently been hacked with Tweets going out saying she was in trouble and that someone needed to help her. She later announced she had been hacked and her account taken over.
Poker player Cate Hall was also the victim of hacking and reportedly had her Facebook and Twitter accounts overtaken.
While losing control of Facebook and Twitter can be problematic, hacking of a cell phone in general can be cause for bigger concerns. Selbst Tweeted that someone had apparently gone through her cell phone provider claiming to be her and seeking to change her pin number. The pin was changed and someone gained access to her phone.
"Anything you back with text messaging, which many do for Gmail, is vulnerable," Polk noted in his video. "They got access to her Gmail and all kinds of different things, but did not get access to her Bitcoin or anything like that because those accounts had 2FA that were not through text."
2FA stands for two-factor authentication – in contrast with only one-factor. 2FA adds a second security measure beyond just a primary authentication such as a password.
"Two-factor authentication provides an additional layer of security and makes it harder for attackers to gain access to a person's devices and online accounts, because knowing the victim's password alone is not enough to pass the authentication check," according to Information Security magazine. "Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users' data from being accessed by hackers who have stolen a password database or used phishing campaigns to obtain users' passwords."
However, if SMS text message is a layer of protection, the system could be irrelevant to a hacker able to gain access to a user's phone service. As Forbes recently noted, the use of cell phone technology as a gateway to hacking individual accounts, including financial, is a growing problem and that cryptocurrency (such as Bitcoin) is a common target for hackers seeking a monetary score.
"The security weakness being exploited here is not one that only affects cryptocurrency industry players — they are simply being targeted first because such transactions cannot be undone," Forbes notes. "The security loophole these hackers are milking can be used against anyone who uses their phone number for security for services as common as Google, iCloud, a plethora of banks, PayPal, Dropbox, Evernote, Facebook, Twitter, and many others. The hackers have infiltrated bank accounts and tried to initiate wire transfers; used credit cards to rack up charges; gotten into Dropbox accounts containing copies of passports, credit cards and tax returns; and extorted victims using incriminating information found in their email accounts."
There is not a complete accounting of how many poker players were affected, why they were chosen, or if it is mere coincidence several were victimized at roughly the same time. However, many in the poker community believe high-stakes players are an obvious target because of their larger bankrolls and ease of finding out personal information from the Internet to help bypass cell phone security protocols.
"Online players who are not vigilant get hacked somewhat often, but I have never had an issue," said Jonathan Little, poker pro and teacher at PokerCoaching.com.
Many in the security industry blame the telecom companies for falling victim to hackers impersonating cell phone users and too easily making account changes. With cell phones being so important to so many for financial services and other important information, critics say more stringent procedures are needed to protect privacy.
"The [telecom] companies don't treat your phone number like a bank account, but it should be treated like your bank," Jesse Powell, CEO of U.S.-based cryptocurrency exchange Kraken, told Forbes. "If you show up without your pin code or your ID, then they shouldn't help you. But they prioritize convenience above all else."