Hacker's hand trying to steal a credit card

PokerTracker Exec Confirms Credit-Card Hack Occurred at Start of 2019

An initial public statement has been made on behalf of PokerTracker online-poker tracking software following the discovery by anti-hacking company MalwareBytes that two domains associated with PokerTracker had been injected with credit card-scraping code. The statement, in the form of a post on the 2+2 discussion forum by Max Value Software, LLC (MVS) managing partner Derek Charles, confirms the discovery of the hack on August 8 while adding details about the hacking incident.

Software UpdateAccording to Charles, the antiquated Drupal open-source content-management script that was exploited by the Magecart attack was removed within an hour of MVS being notified on August 8 of the probable hack. Of course, by that time the damage had been done. Further, a programming audit showed that the hack likely occurred between December 23, 2018 and January 2, 2019, meaning that up to eight months of credit-card purchases of PokerTracker 4 were compromised.

Charles offered a bullet-point synopsis of what his company has uncovered regarding the hack:

  1. This was a highly customized and targeted attack of PokerTracker.com and it’s customers. The script was being loaded from ajaxclick.[com] which has not previously been seen in the wild.
  2. It appears that the attack took place between December 23, 2018 and January 2, 2019.
  3. We believe that the attackers were attempting to intercept credit card information while it was being sent from the user’s browser to the credit card processor. We do not have any information to confirm or deny whether the hackers were able to successfully intercept credit card and/or billing data.
  4. PokerTracker does not save or store any credit card or billing information on our servers. Only those customers who attempted to purchase via credit card while the rogue script was on the site are affected. We estimate that the number of affected customers is in the low thousands and we are in the process of notifying them.
  5. The PokerTracker 4 application and your data within PokerTracker 4 has never been compromised. PokerTracker 4 does load an internal browser for the community page which would have loaded the rogue script but it is not technically possible for the script to gain access to view your data within the PokerTracker application.
  6. We have no reason to believe that your PokerTracker.com username or password were intercepted; however, to be abundantly cautious we recommend changing your password.

The first point needs some clarification. The ajaxclick.(com) site actually hosts numerous credit-card skimmers associated with the Magecart criminal operation. However, most of the other skimmers attack flaws in another and more-popular e-commerce CMS platform, Magento. Drupal vulnerabilities have also been known for years, so “not previously been seen in the wild” is an exact-combination qualification true only in a technical sense.

The length of time the hack was in place will also be of concern to PT4 customers. Charles also posted this: “If you entered your credit card information on the PokerTracker.com website between the dates of December 23, 2018 and August 8, 2019 we will be contacting you to urge you to closely monitor your credit card activity for any fraudulent purchases. If you notice a fraudulent charge, please immediately contact the telephone number on the back of your credit card to notify them of the fraudulent activity.”

However, nearly half of the period for which credit-card info was presumably stolen already falls outside the 120-day window that most major credit-card providers allow for fraud-related chargebacks. Max Value Software has also allowed nearly three more weeks to elapse without issuing formal warnings to affected customers. That translates directly into more transactions that may well have slipped beyond the 120-day recovery window.


Leave a Comment



filter by

Dan Katz

29th February 2020 // Uncategorised

Is the Coronavirus a Threat to the 2020 WSOP?

This has been one hell of a week. The coronavirus (COVID-19) is picking up steam globally. World financial markets have...

Dan Katz

26th February 2020 // Uncategorised

Side Bets Available at PokerStars Poker Tables

Poker is gambling. We like to say that it is a game of skill – and it is – but it is also gambling. And that’s...

Dan Katz

17th February 2020 // News, Online Poker Action, Poker Tournaments

World Series of Poker Expands Online Bracelet Schedule to 14 Events

On Thursday, the World Series of Poker released the schedule for this summer’s online bracelet events, to be hosted...

Dan Katz

8th February 2020 // Gossip, News, Online Poker Action

Phil Galfond Down €750,000 to VeniVidi1993 in Galfond Challenge

Look, I don’t typically make a habit of feeling bad when people of means lose money, but oh man, I am starting to get...

Dan Katz

2nd February 2020 // News, Online Poker Action

PokerStars, partypoker Launching Dueling Bounty Tourney Series on Super Bowl Sunday

The year 2020 is already one-twelfth gone. It seems like just yesterday that Larry David was arguing that it was too...

Haley Hintze

31st January 2020 // Misc, News, Poker Tournaments

Coronavirus Outbreak Forces Postponement of Triton Jeju Series

The Triton Super High Roller Series scheduled for mid-Februry in Jeju, South Korea has become the first poker event...