Betfair account hacking attempt

[Derek27]

They were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.

Derek, what painful process did you have to go through to change your username?

A few years ago somebody was making multiple attempts (about every 5 seconds) to get into my account so I kept getting locked out. CS kept telling me there's nothing they can do and that I should change my password (even though I couldn't get into my account and it wouldn't make any difference what my password was), but after about a week I found a CS agent with a bit of common sense. She gave me a new account.

[jamesedwards]

They were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.

Derek, what painful process did you have to go through to change your username?

A few years ago somebody was making multiple attempts (about every 5 seconds) to get into my account so I kept getting locked out. CS kept telling me there's nothing they can do and that I should change my password (even though I couldn't get into my account and it wouldn't make any difference what my password was), but after about a week I found a CS agent with a bit of common sense. She gave me a new account.

Thanks Derek. When you say new account, do you mean new account or new username? What happened to all your account history?

[jamesedwards]

They were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.

Derek, what painful process did you have to go through to change your username?

I had the same problem last month. In my case, the problem was solved after I`d changed my email. It seems that when they enter your email as your username, it shows as an unsuccessful login attempt even when your username is not your email. So, I would suggest registering a unique email that is not used anywhere else.

Thanks very much for this info. You are quite right, if I try and log-in using my email rather than my user name it returns the error "Email login is disabled for this account, please login using your username below", but, importantly, this also triggers a 'login failed' attempt on my security page. I will try changing my email and see if this stops the hacking attempts.

They were at it again last night, third night in a row.

[ShaunWhite]

I wondered if it was just accounts with an email username that were being attacked, or ones with a user defined name? (mine are user defined)

[jamesedwards]

I wondered if it was just accounts with an email username that were being attacked, or ones with a user defined name? (mine are user defined)

My account is user defined name. But if I try and login using my registered email address Betfair still counts it as a failed login attempt. It's likely that the attackers are using my email address (which has been pwned) so hopefully changing my registered email address will stop them.

[Euler]

I thought you could exclude the use of your email address? I never use my email to log in anywhere if I can avoid it.

I noticed unusal activity on one of my accounts recently and further investigation revealed it was a web app I was using that had a 'keep alive' function.

[jamesedwards]

I thought you could exclude the use of your email address? I never use my email to log in anywhere if I can avoid it.

I noticed unusal activity on one of my accounts recently and further investigation revealed it was a web app I was using that had a 'keep alive' function.

You can exclude login from email. But Betfair still counts an attempt using your email as a failed login.

I'm guessing/hoping that the attackers are using my email address, rather than my username.

[ShaunWhite]

Has anyone actually been hacked and lost money ? And had a problem proving it?

You'll never stop people trying but so far 2fa seems to be doing the job. Tbh being able to see failed logins is quite innovative and I don't think the banks would dare to do it as it would show the scale of the issue generally.

[Selmer]

They were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.

Derek, what painful process did you have to go through to change your username?

I had the same problem last month. In my case, the problem was solved after I`d changed my email. It seems that when they enter your email as your username, it shows as an unsuccessful login attempt even when your username is not your email. So, I would suggest registering a unique email that is not used anywhere else.

Thanks very much for this info. You are quite right, if I try and log-in using my email rather than my user name it returns the error "Email login is disabled for this account, please login using your username below", but, importantly, this also triggers a 'login failed' attempt on my security page. I will try changing my email and see if this stops the hacking attempts.

They were at it again last night, third night in a row.

My account was also attacked every day. I know that feeling when you see someone trying so hard to rob you and you can`t really do anything about it. I hope changing your email will put an end to it.

[Derek27]

They were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.

Derek, what painful process did you have to go through to change your username?

A few years ago somebody was making multiple attempts (about every 5 seconds) to get into my account so I kept getting locked out. CS kept telling me there's nothing they can do and that I should change my password (even though I couldn't get into my account and it wouldn't make any difference what my password was), but after about a week I found a CS agent with a bit of common sense. She gave me a new account.

Thanks Derek. When you say new account, do you mean new account or new username? What happened to all your account history?

A new username is effectively a new account. I don't think it's possible to change your username; it probably defines your account. I haven't created a username for my new account. I log in with an email address believing you can change it whenever you want to, but I found out more recently you can't even do that!

My account history started from scratch, but I had to ask them to transfer my PC history to my new account. I don't know if they would have done it anyway but I didn't want to lose my lifetime commission rate or risk having my account closed if they later think I changed my account to avoid PC.

[jamesedwards]

Has anyone actually been hacked and lost money ? And had a problem proving it?

You'll never stop people trying but so far 2fa seems to be doing the job. Tbh being able to see failed logins is quite innovative and I don't think the banks would dare to do it as it would show the scale of the issue generally.

As well as the fear factor of being hacked, it's also a pain in the ass because every time you login after a failed hacking attempt you have to complete a forced password change.

[Archangel]

Hopfully everyone on there at this stage is using 2FA. Its a no brainer really

[jamesedwards]

Weirdly, changing my email address worked for two days, but since yesterday the hacking attempts have returned.

It's reached a point where "IF (balance you might lose to a hacker * the risk of that %) > (the income you might lose if you're out of action * that risk %). THEN do ELSE don't" is now "do", and I've alerted Betfair to the problem.

Will be interesting to see if there is any action possible/proposed.

[jimibt]

Interestingly, i haven't logged into BF for quite some time and thought I'd check to see how many attempts had been made since i last logged in earlier in the year. The answer -zero!!

last-logins.png

not sure how some folk are targeted and others not.

[LeTiss]

Anyone who doesn't have 2FA in place needs to give their head a wobble

We heard numerous tales of people being defrauded before this was introduced