Page 1 of 2 12 LastLast
Results 1 to 20 of 33
  1. #1
    allfreechips's Avatar
    allfreechips is offline Private Member
    Join Date
    August 2010
    Location
    Ohio - The taxing state
    Posts
    1,081
    Thanks
    136
    Thanked 631 Times in 371 Posts

    Default My Accounts being hacked (my fault with old password)

    So I have a few accounts taken over by someone changing my email to trenkstars@pront........... and of course trying to get payments sent to another BTC addy...

    FYI and I am updating all old accounts that I never did

    -Chris

    PS, also started an account on AGD using my real name to get things changed!
    Allfreechips online casino guide offers online casino reviews from our members. Also our exclusive No Deposit casino bonuses are always up to date. See the latest slot machine reviews at Hotslot and exclusive no deposit casino bonuses as well with a good dose of daily online gambling news to learn about pokies

  2. #2
    AussieDave's Avatar
    AussieDave is offline Public Member
    Join Date
    November 2005
    Location
    from the land downunder
    Posts
    4,040
    Blog Entries
    1
    Thanks
    1,669
    Thanked 1,876 Times in 1,072 Posts

    Default

    If possible use min 17 characters: upper/lower alpha, numerical and special characters if allowed.

    Use a different p/w for every program, email accounts, cPanel login, you name it, everything that requires a password. If you feel uber paranoid, use a different User-login too.

    BUT really, programs these days (given hacked accounts, to change payment details are on the rise) aff programs and such, should have security measures in place, so the contact details, or payment details, can't be changed without contacting your AM. Or, even a couple of secret questions (you've answered previously), would stop this crap from happening.

    I use this site for that purpose: https://passwordsgenerator.net/
    Last edited by AussieDave; 19 February 2020 at 10:51 am.
    ---
    Compliance: a code word for control

    ---
    Do the right thing, even when no one is looking. It's called integrity.
    ---

    It's your right to be treated honestly: fairness for all igaming affiliates - doch.news

  3. #3
    allfreechips's Avatar
    allfreechips is offline Private Member
    Join Date
    August 2010
    Location
    Ohio - The taxing state
    Posts
    1,081
    Thanks
    136
    Thanked 631 Times in 371 Posts

    Default

    Yeah Kyle from Drake was on top of it right away, and yes al new passwords are auto generated long strings, lazy killed me there on a bunch of accounts
    Allfreechips online casino guide offers online casino reviews from our members. Also our exclusive No Deposit casino bonuses are always up to date. See the latest slot machine reviews at Hotslot and exclusive no deposit casino bonuses as well with a good dose of daily online gambling news to learn about pokies

  4. #4
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    2,511
    Blog Entries
    5
    Thanks
    402
    Thanked 1,679 Times in 1,007 Posts

    Default

    Quote Originally Posted by allfreechips View Post
    Yeah Kyle from Drake was on top of it right away, and yes al new passwords are auto generated long strings, lazy killed me there on a bunch of accounts
    password123? or allfreechips2020?

  5. #5
    allfreechips's Avatar
    allfreechips is offline Private Member
    Join Date
    August 2010
    Location
    Ohio - The taxing state
    Posts
    1,081
    Thanks
    136
    Thanked 631 Times in 371 Posts

    Default

    How did you get my new one already?
    Allfreechips online casino guide offers online casino reviews from our members. Also our exclusive No Deposit casino bonuses are always up to date. See the latest slot machine reviews at Hotslot and exclusive no deposit casino bonuses as well with a good dose of daily online gambling news to learn about pokies

  6. The Following 2 Users Say Thank You to allfreechips For This Useful Post:

    Eddie G (19 February 2020), wonderpunter (19 February 2020)

  7. #6
    Malikbhai is offline Public Member
    Join Date
    September 2017
    Posts
    580
    Thanks
    153
    Thanked 326 Times in 207 Posts

    Default

    Use Keepass. Been using it for more than 15 years.

  8. #7
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,160
    Thanks
    1,256
    Thanked 3,264 Times in 1,816 Posts

    Default

    I am not using superstrong strong passwords for affiliate accounts, that is overkill imo. I use different login names though, bunch of emails and of course proprietary email(s).

    I would be much more concerned about the attack vector, you can use as strong passwords as you want but if attackers have access to your device or email, it is pointless. Old password does not mean and should not mean that your acct is hackable.

    Are you sure the old password is the reason of the hack? Why?
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  9. The Following User Says Thank You to Sherlock For This Useful Post:

    universal4 (19 February 2020)

  10. #8
    allfreechips's Avatar
    allfreechips is offline Private Member
    Join Date
    August 2010
    Location
    Ohio - The taxing state
    Posts
    1,081
    Thanks
    136
    Thanked 631 Times in 371 Posts

    Default

    anything touched was with the old password / login name.. Email(s) is mine and its pretty locked down and updated securely
    Allfreechips online casino guide offers online casino reviews from our members. Also our exclusive No Deposit casino bonuses are always up to date. See the latest slot machine reviews at Hotslot and exclusive no deposit casino bonuses as well with a good dose of daily online gambling news to learn about pokies

  11. #9
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,160
    Thanks
    1,256
    Thanked 3,264 Times in 1,816 Posts

    Default

    Yeah, but how you know that the issue was the reuse of old login/password by some joker. I agree it is the most probable explanation (because the hack occurred only for one combination of login/password and because we know what kind of people work as affiliate managers [not all of them ofc]), but sadly second most probable thing is that your computer or phone was hacked or something.

    Imagine that for example your computer is somehow keylogged and they see just partial data. This combination of password/login was the most used so they might try it first and this is why you see hacked just this combination. What I just wrote is not very likely but still possible.

    Abusing AGD supports your original hypothesis (the hacker was some affiliate insider, because random virus owner would not know where to go and what to do that quickly). But take care...
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  12. The Following User Says Thank You to Sherlock For This Useful Post:

    AussieDave (19 February 2020)

  13. #10
    allfreechips's Avatar
    allfreechips is offline Private Member
    Join Date
    August 2010
    Location
    Ohio - The taxing state
    Posts
    1,081
    Thanks
    136
    Thanked 631 Times in 371 Posts

    Default

    I agree with the possibilities as I lost my allfreechips.com domain in the past when a hacker got access to my email and transfered the domain... long story but the accounts are consistant, they go in and change the email to another and request payment.

    of course I updated the works today already
    Allfreechips online casino guide offers online casino reviews from our members. Also our exclusive No Deposit casino bonuses are always up to date. See the latest slot machine reviews at Hotslot and exclusive no deposit casino bonuses as well with a good dose of daily online gambling news to learn about pokies

  14. The Following User Says Thank You to allfreechips For This Useful Post:

    Sherlock (19 February 2020)

  15. #11
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,160
    Thanks
    1,256
    Thanked 3,264 Times in 1,816 Posts

    Default

    That is very odd. You maybe do some things relatively more unsafely than others or maybe you just do other things and the result is that you are more vulnerable. I am scared of being hacked just by reading what you wrote.
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  16. #12
    allfreechips's Avatar
    allfreechips is offline Private Member
    Join Date
    August 2010
    Location
    Ohio - The taxing state
    Posts
    1,081
    Thanks
    136
    Thanked 631 Times in 371 Posts

    Default

    Well the domain loss was a pile of bad practices by me and my registrar, where you can get your password via email (not a new one just the password) and then transfer the domain and delete all the emails associated with it.. imagine the confusion making changes via ftp that dont show up...

    Lots of layers now between everything I do
    Allfreechips online casino guide offers online casino reviews from our members. Also our exclusive No Deposit casino bonuses are always up to date. See the latest slot machine reviews at Hotslot and exclusive no deposit casino bonuses as well with a good dose of daily online gambling news to learn about pokies

  17. #13
    AussieDave's Avatar
    AussieDave is offline Public Member
    Join Date
    November 2005
    Location
    from the land downunder
    Posts
    4,040
    Blog Entries
    1
    Thanks
    1,669
    Thanked 1,876 Times in 1,072 Posts

    Default

    Quote Originally Posted by Sherlock View Post
    I am not using superstrong strong passwords for affiliate accounts, that is overkill imo.
    Way back in 2003 or something, not only was a aff site I owned hacked, but also defaced. That was a lesson well learned.
    ---
    Compliance: a code word for control

    ---
    Do the right thing, even when no one is looking. It's called integrity.
    ---

    It's your right to be treated honestly: fairness for all igaming affiliates - doch.news

  18. #14
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,160
    Thanks
    1,256
    Thanked 3,264 Times in 1,816 Posts

    Default

    Superstrong passwords do not solve much. In fact they create even bigger problem. When I have superstrong passwords everywhere, then I do not remember them. When I do not remember them, I can not work. It is pointless then. I can hold few superstrong passwords in my head but not 100s.

    Supersecurity is needed only for really important things like securing crypto. With my PC and phone it is for me on the contrary. I am very lenient and let people hack it, so I can see if the low security is secure enough. Then my high security will be enough for sure.

    Also how will superstrong password help you when you put the password somewhere and the password is there for example in plain text when the creators of affiliate system are idiots? Or how can superstrong password help you if you have keylogger in your computer?

    I do not get why there is no 2fa on affiliate accounts, especially the ones with cashier. So many problems would be resolved, even the errors with leaked passwords to affiliate managers who are bad actors.
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  19. #15
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    2,511
    Blog Entries
    5
    Thanks
    402
    Thanked 1,679 Times in 1,007 Posts

    Default

    the oother problem is everyone wants a different type password some numerical.. some alfanuemrical some with symbols, some min 8 digits, somne ask me to change every 3 months and im running out of ideas.. i dont want tons of paper to keep remembering

  20. #16
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,160
    Thanks
    1,256
    Thanked 3,264 Times in 1,816 Posts

    Default

    Yes this is exactly how overall the system is insecure, because is overloading people with bogus requests. Instead simple 2fa would be much safer.

    You can just change last letter(s) of the same Ygwnm&^76 password to something that reminds you the affiliate program. Like here would be Ygwnm&^76gpw, but then obviously, the password is no more strong.

    When I read always some nonsense how everything in IT or gambling will be shining soon like Buddha, I always remind myself how even this relatively simple task is so hard to resolve. Now bettingpartners have a new website. They put a lot of work into it. They made separate cashier and stats/marketing, which is great. But why the hell the cashier does not have 2fa?
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  21. #17
    AussieDave's Avatar
    AussieDave is offline Public Member
    Join Date
    November 2005
    Location
    from the land downunder
    Posts
    4,040
    Blog Entries
    1
    Thanks
    1,669
    Thanked 1,876 Times in 1,072 Posts

    Default

    2fa would make life a lot easier, for sure.

    Neteller isn't well liked, for them being pain's in the ass. But the security they've implemented of last, is outstanding, which includes 2fa.

    If I can implement on Wordpress (not that I have, but could), then surely aff programs etc., can too.
    ---
    Compliance: a code word for control

    ---
    Do the right thing, even when no one is looking. It's called integrity.
    ---

    It's your right to be treated honestly: fairness for all igaming affiliates - doch.news

  22. #18
    Strider1973's Avatar
    Strider1973 is offline Private Member
    Join Date
    November 2012
    Posts
    331
    Thanks
    224
    Thanked 208 Times in 140 Posts

    Default

    Well, having 2FA everywhere even for the smallest things will just be a lot more work when logging in.

    I think the key point is to use different passwords at each website/service. Otherwise it's enough for one single site to get hacked and when a hacker has your email + password he can just try this on 1000s of other websites.

    I know it's a pain to have a different password on each website, but that's an absolute MUST.

    There are several solutions for this, like using a password manager, or developing an own system (like including parts of the website name into the password, doens't solve the issue when some programs want you to use special characters while at other programs it's not possible to use special characters...!).
    "Semper paratus!"
    My BTC Address: 1F11EJvSAab5vMQgGWGQMASr9T7LCkZjvb

  23. #19
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,160
    Thanks
    1,256
    Thanked 3,264 Times in 1,816 Posts

    Default

    2fa is not just the google auth or something
    2fa is email confirmation for example
    2fa is even independent pin/password (Neteller btw had this always or at least from 2005)
    2fa can be something device location based or even the thing that has 5dimes, simply digital fingerprint (the problem with 5dimes is that they have it implemented in very bad way)

    for cashier (once a month) i could live with google auth anyways
    Last edited by Sherlock; 19 February 2020 at 6:37 pm.
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  24. #20
    casinobonusguy is offline Private Member
    Join Date
    October 2006
    Posts
    1,988
    Thanks
    158
    Thanked 998 Times in 611 Posts

    Default

    I use 2fa for everything when it is possible it bite me in the ass though when we went away for 5 weeks and I left my work phone home and didn't get any access codes lol

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •