Hacker's hand trying to steal a credit card

PokerTracker Exec Confirms Credit-Card Hack Occurred at Start of 2019

An initial public statement has been made on behalf of PokerTracker online-poker tracking software following the discovery by anti-hacking company MalwareBytes that two domains associated with PokerTracker had been injected with credit card-scraping code. The statement, in the form of a post on the 2+2 discussion forum by Max Value Software, LLC (MVS) managing partner Derek Charles, confirms the discovery of the hack on August 8 while adding details about the hacking incident.

Software UpdateAccording to Charles, the antiquated Drupal open-source content-management script that was exploited by the Magecart attack was removed within an hour of MVS being notified on August 8 of the probable hack. Of course, by that time the damage had been done. Further, a programming audit showed that the hack likely occurred between December 23, 2018 and January 2, 2019, meaning that up to eight months of credit-card purchases of PokerTracker 4 were compromised.

Charles offered a bullet-point synopsis of what his company has uncovered regarding the hack:

  1. This was a highly customized and targeted attack of PokerTracker.com and it’s customers. The script was being loaded from ajaxclick.[com] which has not previously been seen in the wild.
  2. It appears that the attack took place between December 23, 2018 and January 2, 2019.
  3. We believe that the attackers were attempting to intercept credit card information while it was being sent from the user’s browser to the credit card processor. We do not have any information to confirm or deny whether the hackers were able to successfully intercept credit card and/or billing data.
  4. PokerTracker does not save or store any credit card or billing information on our servers. Only those customers who attempted to purchase via credit card while the rogue script was on the site are affected. We estimate that the number of affected customers is in the low thousands and we are in the process of notifying them.
  5. The PokerTracker 4 application and your data within PokerTracker 4 has never been compromised. PokerTracker 4 does load an internal browser for the community page which would have loaded the rogue script but it is not technically possible for the script to gain access to view your data within the PokerTracker application.
  6. We have no reason to believe that your PokerTracker.com username or password were intercepted; however, to be abundantly cautious we recommend changing your password.

The first point needs some clarification. The ajaxclick.(com) site actually hosts numerous credit-card skimmers associated with the Magecart criminal operation. However, most of the other skimmers attack flaws in another and more-popular e-commerce CMS platform, Magento. Drupal vulnerabilities have also been known for years, so “not previously been seen in the wild” is an exact-combination qualification true only in a technical sense.

The length of time the hack was in place will also be of concern to PT4 customers. Charles also posted this: “If you entered your credit card information on the PokerTracker.com website between the dates of December 23, 2018 and August 8, 2019 we will be contacting you to urge you to closely monitor your credit card activity for any fraudulent purchases. If you notice a fraudulent charge, please immediately contact the telephone number on the back of your credit card to notify them of the fraudulent activity.”

However, nearly half of the period for which credit-card info was presumably stolen already falls outside the 120-day window that most major credit-card providers allow for fraud-related chargebacks. Max Value Software has also allowed nearly three more weeks to elapse without issuing formal warnings to affected customers. That translates directly into more transactions that may well have slipped beyond the 120-day recovery window.


Leave a Comment



filter by

Haley Hintze

20th October 2019 // Misc, News

Burst Water Pipe Impacts Play at New Encore Boston Harbor Poker Room

Tales of plugging leaks abound after players at the brand new Encore Boston Harbor poker room was partially inundated...

Dan Katz

18th October 2019 // Industry, Misc, News

MGM Resorts International Sells Bellagio and Circus Circus for a Combined $5 Billion

Confirming industry rumblings from a month ago, MGM Resorts International announced this week that it has agreed to...

Haley Hintze

16th October 2019 // Misc, News

Women in Poker “Cracking Aces” Documentary Arrives on Video

The poker documentary Cracking Aces: A Woman’s Place at the Table, featuring the struggles faced by female poker...

Haley Hintze

16th October 2019 // Legal News, Misc, News

WSOP Flasher Ken Strauss Found Incompetent to Stand Trial

Ken Strauss, the Pennsylvania poker player and sports better who dropped his pants and was disqualified during early...

Haley Hintze

15th October 2019 // Misc, News, Poker Tournaments

Asian Poker Tour Announces 2020 Schedule

The Asian Poker Tour (APT) has announced its schedule of planned tour dates for the 2020 calendar year, offering what...

Haley Hintze

13th October 2019 // Misc, News, Online Poker Action

PokerStars to Introduce Anonymous Tables, Flash Spin & Gos

PokerStars has announced some of the latest bells and whistles to be given a try as the online poker giant continues...