MAJOR Bitcoin Poker Site HACKED!

[Bitcoin Scammer]

PRESS RELEASE JUST POSTED ON TWITTER     http://t.co/G9v7LyE1Yp

MAJOR Bitcoin Poker SITE HACKED (NOT Livebitcoinpoker.com we said MAJOR!!)

We are new but have to acknowledge we already have the greatest players in the world! So let us start out by thanking those few members who really stepped it up and have discovered a huge security flaw on one of our competitor’s servers. This is major and super important to us because we use the same program on the back-end of our site. HankWhite69 helped discover the fix for the server without even knowing it and  that’s what got us to digging a little deeper and patching this issue. (at least for our site)

Our main competitor who uses the same back end software was  notified 1st by our shared users of this exploit. The competitor did not respond to them. Once word got out (5/25/2013)  about other sites having this open exploit  it was inevitable that abusive players/hackers would try to use this exploit. Our competitor was hacked on 5/27/2013 and the competitor has chosen NOT! to acknowledge the attack and has not changed the security protocol. This anonymous hacker had tried selling us our competitors users hashed passwords and account information. The user did this by entering a game and demanding to talk to an ADMIN in game. The hacker explained that the hashed password were encrypted by the same exact key we use. (he was right at the time)

We confirmed the hack by one of our player accounts on the competitors site and 3 other users accounts (not associated with LBP) have been comprised with solid proof. (Users who have noticed missing Chips and Deposit wallet swaps) We are not 100% sure who had access but they are working from behind this IP  “114.229.211.29″  as we caught them in a sting setup last night. The IP address shows a Chinese backing however upon closer examination and trapping this user into leaving footprints on our DUMMY server we have found out that he is a FOR FIRE HACKER that exploited an open PORT on our competitors website (he tried on ours but it was a dummy server) We believe it could be related to a few irregular open ports that older windows servers need to open in order to function.

We then decided to contact our competitor and let them know they have been hacked and how to solve the problem we did this  as a courtesy to the community and got this response back.

“We are aware of this issue,  LBP should not be concerned with our security. “

We could not let this go that easily as we share some of the same users  so we responded with a little more action.

FROM LBP
“Your security is important to us because we use the same software and a vulnerability on your site could mean the same for ours. The main reason we care is if users from your site logs in to our site with the same credentials and your software gets compromised someone could theoretically use *Competitors site* login credentials  on our site if the user uses the same information on both sites. Our passwords are hashed with the same key as yours so even though they are encrypted if that key gets broke everyone is at risk. This flaw is major and is now 100% secure on our end as we have changed our key. This does not solve your security issue.” We gave them the names of 3 compromised accounts given to us as proof of intrusion.

FROM THEM
“Once again our security is not LBP’s concern, if we wanted your help we would ask you. NONE OF OUR PLAYERS PLAY AT LBP and if they do we don’t care it’s worth the risk. Do not message us again there is zero camaraderie between us”

(1 day later they were hacked)

We did not respond to that and realize that our poker community is not what we thought it was. We are friendly in the community and we were expecting the same.  We are not as big and have tolerated a lot for being new but this will end soon as our generosity is running thin with abusive networks.

We have since then changed our encryption key. Since all passwords are hashed at registration and before being processed we have asked old users to change their passwords for the new encryption most of them already have and if you haven’t please do.

A reminder to OUR users.

1. Pick a passwords not used on any other site

2. We separate our poker severs, wallets and main site from each other to prevent any disruption.

3. Wallets are not hosted online.

4. Registration credentials are hashed when sent and we no longer use the same key as other sites.

5. We have fast support so if there is an issue let us know AS Soon As It Happens

[epetroel]

What is this about hashing and an 'encryption key'?  Hashes don't have encryption keys.

[EuroTrash]

PRESS RELEASE JUST POSTED ON TWITTER     http://t.co/G9v7LyE1Yp

MAJOR Bitcoin Poker SITE HACKED (NOT Livebitcoinpoker.com we said MAJOR!!)

(bla bla bla... shortened here)

This really looks like an ad.

[Bitcoin Scammer]

I'm working on getting more info from LBP and trying to figure out what's going on.  LBP is not a phishing site it's another maven site like seals, 5501, and like 15 others. As soon as admin sends reply I will let you know. According to Maven the password is encrypted then hashed.

[Bitcoin Scammer]

I'm working on getting more info from LBP and trying to figure out what's going on.  LBP is not a phishing site it's another maven site like seals, 5501, and like 15 others. As soon as admin sends reply I will let you know. According to Maven the password is encrypted then hashed.

I pulled this off grind as added info.

"

Thank you for the questions. I will try to answer them as best as I can for you and the other users.

1. We can't get the site to acknowledge it either we tried and then got blasted with e-mails.

2. Hank didn't know he found a problem but through a simple name change process it created a whole bunch of issues for him & mavens. (He should have no problem verifying and as stated we have patched it)

3. Vague? We didn't release the name but we released what happen and what was presented to us. We were told not to release the name for legal purposes however we wanted it known because we share the same software. We were also sharing the same encryption technique but no longer am.

This was a copy of a press release and we are happy you allow us to use your forum as a means to get out information out. "

[MPOE-PR]

We are new but have to acknowledge we already have the greatest players in the world!

This is uniquely retarded.

[Bitcoin Scammer]

I agree, I do follow LBP and know they were just trying to give credit to hank for finding the loop hole (In a really kiss ass kind of way). I sent an e-mail to the Admin for more info, hopefully it will get some more details.

[Bitcoin Scammer]

Well if you check the competitors thread they sure do have login issues and their sites down. I have no idea if this has anything to do with it but now it all makes sense.

[DannyHamilton]

F U D

http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt

FUD is generally a strategic attempt to influence perception by disseminating negative and dubious or false information. An individual firm, for example, might use FUD to invite unfavorable opinions and speculation about a competitor's product; to increase the general estimation of switching costs among current customers; or to maintain leverage over a current business partner who could potentially become a rival.

[Bitcoin Scammer]

k.. ?  Doesn't change their twitter feed. FYI their new site looks nice and I like it! hot chicks sell baby!!

[Bitcoin Scammer]

Are you saying they are spreading their own problems as a way to do what?
   


 SealsWithClubs ‏@SealsWithClubs 8h

Login issue. Seal team 6 is aware.

    SealsWithClubs ‏@SealsWithClubs 7h

We should be back soon. Full assets deployed, Seal Team 6: Operations Division actively working on the login issue. Stay tuned.

[ar9]

What's with your username?

[Bitcoin Scammer]

If you are referring to mine it's because I mod bitcoinscammers.com