A few years ago somebody was making multiple attempts (about every 5 seconds) to get into my account so I kept getting locked out. CS kept telling me there's nothing they can do and that I should change my password (even though I couldn't get into my account and it wouldn't make any difference what my password was), but after about a week I found a CS agent with a bit of common sense. She gave me a new account.jamesedwards wrote: ↑Sun Oct 15, 2023 9:33 amThey were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.
Derek, what painful process did you have to go through to change your username?
Betfair account hacking attempt
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
Thanks Derek. When you say new account, do you mean new account or new username? What happened to all your account history?Derek27 wrote: ↑Sun Oct 15, 2023 10:40 pmA few years ago somebody was making multiple attempts (about every 5 seconds) to get into my account so I kept getting locked out. CS kept telling me there's nothing they can do and that I should change my password (even though I couldn't get into my account and it wouldn't make any difference what my password was), but after about a week I found a CS agent with a bit of common sense. She gave me a new account.jamesedwards wrote: ↑Sun Oct 15, 2023 9:33 amThey were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.
Derek, what painful process did you have to go through to change your username?
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
Thanks very much for this info. You are quite right, if I try and log-in using my email rather than my user name it returns the error "Email login is disabled for this account, please login using your username below", but, importantly, this also triggers a 'login failed' attempt on my security page. I will try changing my email and see if this stops the hacking attempts.Selmer wrote: ↑Sun Oct 15, 2023 10:06 pmI had the same problem last month. In my case, the problem was solved after I`d changed my email. It seems that when they enter your email as your username, it shows as an unsuccessful login attempt even when your username is not your email. So, I would suggest registering a unique email that is not used anywhere else.jamesedwards wrote: ↑Sun Oct 15, 2023 9:33 amThey were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.
Derek, what painful process did you have to go through to change your username?
They were at it again last night, third night in a row.
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
I wondered if it was just accounts with an email username that were being attacked, or ones with a user defined name? (mine are user defined)
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
My account is user defined name. But if I try and login using my registered email address Betfair still counts it as a failed login attempt. It's likely that the attackers are using my email address (which has been pwned) so hopefully changing my registered email address will stop them.ShaunWhite wrote: ↑Mon Oct 16, 2023 11:34 amI wondered if it was just accounts with an email username that were being attacked, or ones with a user defined name? (mine are user defined)
I thought you could exclude the use of your email address? I never use my email to log in anywhere if I can avoid it.
I noticed unusal activity on one of my accounts recently and further investigation revealed it was a web app I was using that had a 'keep alive' function.
I noticed unusal activity on one of my accounts recently and further investigation revealed it was a web app I was using that had a 'keep alive' function.
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
You can exclude login from email. But Betfair still counts an attempt using your email as a failed login.Euler wrote: ↑Mon Oct 16, 2023 11:48 amI thought you could exclude the use of your email address? I never use my email to log in anywhere if I can avoid it.
I noticed unusal activity on one of my accounts recently and further investigation revealed it was a web app I was using that had a 'keep alive' function.
I'm guessing/hoping that the attackers are using my email address, rather than my username.
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
Has anyone actually been hacked and lost money ? And had a problem proving it?
You'll never stop people trying but so far 2fa seems to be doing the job. Tbh being able to see failed logins is quite innovative and I don't think the banks would dare to do it as it would show the scale of the issue generally.
You'll never stop people trying but so far 2fa seems to be doing the job. Tbh being able to see failed logins is quite innovative and I don't think the banks would dare to do it as it would show the scale of the issue generally.
My account was also attacked every day. I know that feeling when you see someone trying so hard to rob you and you can`t really do anything about it. I hope changing your email will put an end to it.jamesedwards wrote: ↑Mon Oct 16, 2023 8:56 amThanks very much for this info. You are quite right, if I try and log-in using my email rather than my user name it returns the error "Email login is disabled for this account, please login using your username below", but, importantly, this also triggers a 'login failed' attempt on my security page. I will try changing my email and see if this stops the hacking attempts.Selmer wrote: ↑Sun Oct 15, 2023 10:06 pmI had the same problem last month. In my case, the problem was solved after I`d changed my email. It seems that when they enter your email as your username, it shows as an unsuccessful login attempt even when your username is not your email. So, I would suggest registering a unique email that is not used anywhere else.jamesedwards wrote: ↑Sun Oct 15, 2023 9:33 amThey were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.
Derek, what painful process did you have to go through to change your username?
They were at it again last night, third night in a row.
A new username is effectively a new account. I don't think it's possible to change your username; it probably defines your account. I haven't created a username for my new account. I log in with an email address believing you can change it whenever you want to, but I found out more recently you can't even do that!jamesedwards wrote: ↑Mon Oct 16, 2023 8:45 amThanks Derek. When you say new account, do you mean new account or new username? What happened to all your account history?Derek27 wrote: ↑Sun Oct 15, 2023 10:40 pmA few years ago somebody was making multiple attempts (about every 5 seconds) to get into my account so I kept getting locked out. CS kept telling me there's nothing they can do and that I should change my password (even though I couldn't get into my account and it wouldn't make any difference what my password was), but after about a week I found a CS agent with a bit of common sense. She gave me a new account.jamesedwards wrote: ↑Sun Oct 15, 2023 9:33 amThey were at it again last night It seems Betfair allows 4 failed attempts before forcing a password change.
Derek, what painful process did you have to go through to change your username?
My account history started from scratch, but I had to ask them to transfer my PC history to my new account. I don't know if they would have done it anyway but I didn't want to lose my lifetime commission rate or risk having my account closed if they later think I changed my account to avoid PC.
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
As well as the fear factor of being hacked, it's also a pain in the ass because every time you login after a failed hacking attempt you have to complete a forced password change.ShaunWhite wrote: ↑Mon Oct 16, 2023 12:16 pmHas anyone actually been hacked and lost money ? And had a problem proving it?
You'll never stop people trying but so far 2fa seems to be doing the job. Tbh being able to see failed logins is quite innovative and I don't think the banks would dare to do it as it would show the scale of the issue generally.
- jamesedwards
- Posts: 2378
- Joined: Wed Nov 21, 2018 6:16 pm
Weirdly, changing my email address worked for two days, but since yesterday the hacking attempts have returned.
It's reached a point where "IF (balance you might lose to a hacker * the risk of that %) > (the income you might lose if you're out of action * that risk %). THEN do ELSE don't" is now "do", and I've alerted Betfair to the problem.
Will be interesting to see if there is any action possible/proposed.
It's reached a point where "IF (balance you might lose to a hacker * the risk of that %) > (the income you might lose if you're out of action * that risk %). THEN do ELSE don't" is now "do", and I've alerted Betfair to the problem.
Will be interesting to see if there is any action possible/proposed.
Interestingly, i haven't logged into BF for quite some time and thought I'd check to see how many attempts had been made since i last logged in earlier in the year. The answer -zero!!
not sure how some folk are targeted and others not.
not sure how some folk are targeted and others not.
You do not have the required permissions to view the files attached to this post.