stealing credit card

PokerTracker Site Hacked, Credit-Card Details Possibly Stolen

An unusual case of site hacking may have affected some recent purchasers and users of PokerTracker 4, the industry-leading online-poker statistics program published by Max Value Software, also the publisher of Hold’em Manager, Table Ninja, and several other popular software offerings.

According to leading anti-virus researcher MalwareBytes, unknown members of a notorious credit-card skimming operation known as Magecart — identifiable through its various methods of operation — were able to inject malicious code into both the main and sub domains. The credit-card thieves exploited a vulnerability exiting in the long outdated version of the open-source Drupal content-management software being used by PokerTracker.

When the hacking occurred has yet to be revealed, though it was likely sometime during the first days of August. On August 8, a MalwareBytes forum poster named Smoking Joker posted a virus-warning popup he received when starting up his PT4 software:

Source: MalwareBytes forums

Though MalwareBytes didn’t act immediately on the tip — the researchers receive an overwhelming number of tips and tidbits — when they did get around to checking it out, the evidence of another Magecart hacking operation quickly appeared. The domain and IP address shown in the popup were already well known to MalwareBytes and other anti-fraud entities for their connection to the Magecart criminal ring.

On August 20, nearly two weeks after the Smoking Joker post, MalwareBytes published its findings confirming the and domains had been hacked.

MalwareBytes also determined that it was a targeted attack, both in going after an e-commerce site and seeking to exploit a known software vulnerability: “The skimmer was customized for the site, as not only do the variable names match its input form fields, but the data portion of the skimmer script has the site’s name hardcoded as well.”

The Drupal code version being used by Max Value Software was significantly outdated. Drupal 6 was released in 2008 and various patches were released until the next generation, Drupal 7, was published in 2007. The current version of Drupal is 8.6.17, and it encompasses years of security patches.

The credit-card skimming code was activated every time PT4 users opened their software. While the domain offers the program’s front-end Internet presence, the related subdomain hosts such things as the software’s discussion forums, and link calls to it are made every time the PT4 software runs.

MalwareBytes offered this by way of explaining that the vulnerability has since been closed:

Every time users were launching PokerTracker 4, it would load the compromised web page within the application, which would trigger a block notification from Malwarebytes as the skimming script attempted to load. However, it’s worth noting that users going directly to the poker website were also exposed to the skimmer.

We reported this incident to the owners of PokerTracker and they rapidly identified the issue and removed the offending Drupal module. They also told us that they tightened their Content Security Policy (CSP) to help mitigate future attacks via harmful external scripts.

That the issue was rapidly identified and fixed is all well and good, but it leaves several other questions unanswered. For instance, why was Max Value Software running its e-commerce site for PT4 through an open-source software edition roughly a decade old?

Further, roughly three days have elapsed since MalwareBytes published its findings. Though PokerTracker support has continued to interact with users on various discussion forums, there has been no announcement anywhere to date regarding the hacking and probable credit-card exposure. Nor is there any evidence that MVS has directly contacted users whose payment details may have been compromised.

While it’s likely the company is still researching the hacking, there are several issues needing immediate clarification. For instance, when exactly were the two domains hacked, and when was the security hole finally closed? Was PokerTracker 4 and its support sites the only one the MVS software offerings to be affected? It seems incongruous to suggest that the company’s most popular software would have been run on a domain with content-management software that outdated, and not have similar antiquated platforms also in place for other offerings.

It’s not the first time third-party software has been part of a hacking situation. Way back in 2006, a site called offered a free program called RBCalc (a rakebake calculator) to its users, only to discover that the independent programmer it had hired to create the program had inserted malware allowing login information for a large number of poker sites to be stolen. RBCalc was immediately yanked, but the damage was already done. soon closed up shop in the face of all the adverse publicity.

It’s highly unlikely Max Value Software will suffer a similar fate, but at the moment, the company is wearing a hefty facial egg wrap. In recent months MVS has been on the warpath against partypoker for that site’s decision to take steps making third-party software programs such as MVS’s less effective. MVS execs have claimed that their programs make all of online poker a safer environment. Problem is, safety comes in more than one form.


Leave a Comment



filter by

by Haley Hintze

Haley Hintze
17th November 2019 // Industry, News

Shareholders Approve Eldorado-Caesars Tie-up

The acquisition by Eldorado Resorts, inc. and Caesars Entertainment Corporation (CEC), the parent company of the World Series of Poker, has cleared another hurdle with the near-unanimous approval of the ...

Dan Katz

16th November 2019 // News, Online Poker Action

PokerStars Pennsylvania Announces First PACOOP Tournament Series

PokerStars is wasting no time letting players in Pennsylvania that they are, in fact, playing on PokerStars. Just a...

Haley Hintze

15th November 2019 // Legal News, Misc, News

Florida Man Charged With Murder in Revenge for Poker Losses

A Pasco County, Florida man, Michael Joseph Psilakis Jr., has been charged with murder after the discovery of a...

Haley Hintze

14th November 2019 // News, Poker Tournaments

WSOP Expands 2019 International Circuit Schedule

The World Series of Poker (WSOP) has expanded the schedule for its ongoing 2019 International Circuit season by...

Haley Hintze

10th November 2019 // Legal News, Misc, News

Michael Borovetz Pleads Guilty in Poker-Funding Michigan Airport Scam Case

Pennsylvania poker player Michael Borovetz has pled guilty in a Michigan courtroom to a single count of theft by false...

Haley Hintze

10th November 2019 // Industry, Misc, News

Betclic Completes Withdrawal of Everest Poker Brand From UK Market

Betclic has completed its withdrawal of its venerable Everest Poker brand from the United Kingdom’s online-poker...

Dan Katz

10th November 2019 // Gossip, Misc, News, Poker Tournaments

Daniel Negreanu Wants to Make Changes to the WSOP POY Calculations

The World Series of Poker Player of the Year race has been in the news a lot in the past week and for good reason....