0
$ £
auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7198
Thanks given: 3354
Thanks received: 2710
11 February 2016 - 7:05am

Skrill warning - hacked accounts, 2 factor, and password resets

65 replies • Last post

This week I have been in contact with a high rolling player that has had a scammer gain access to and change the contact details on his Skrill account, then proceed to withdraw a six figure amount over several transfers to different Skrill accounts, all made in quick succession on the same day. None of this triggered any kind of alert, nor did Skrill detect the activity and freeze the account. The account holder was not notified at all that his primary email address had been removed and replaced on his account. The only reason that the intrusion was discovered was pure luck - he logged in and saw what was happening at the time.

As usual with Skrill, trying to contact them and get an answer about anything is an exercise in futility. They must have the slowest and most useless customer support of any company I have ever had to deal with. Emails routinely take weeks for a simple response. Phone calls get through but whoever is on the other end is always quick to fob the problem off to someone else who never gets back to you.

Skrill claims that the scammer must have had access to the player's email account in order to reset the password, but from what we can tell looking through Gmail, there is no evidence that this is the case. Skrill has been unable to provide any evidence of how the account was compromised. In fact, we believe that the scammer may have simply talked his way into access to the account, or gained access through other means. Asking Skrill for copies of any fraudulent emails sent with full headers so we could ascertain where they came from was a waste of time. Apparently Skrill's contact form does not record any details about the submitter such as IP address or location, and the scammer used this as their method of communication. The investigation is ongoing and the player has not recovered his funds.

Next up, we received this email yesterday, ostensibly touting Skrill's new free 2 factor authentication functionality. Previously you had to request and pay for a physical security token, whereas now you can use Google Authenticator on your phone for free, like any other decently secure bank or e-wallet has been doing for years already. The key thing in this email, a recommendation to change your password within 24 hours, is bolded by me:

At Skrill we constantly aim to improve the online security of our merchant accounts.

To help with this, we are introducing two-factor authentication on all our merchant accounts. We STRONGLY recommend that you activate and use two-factor authentication and that you change your user account password within the next 24 hours.

In addition we received another email from Skrill, saying that our "merchant" account (we're not a merchant, but that's another rant for another day) must have an IP address access restriction placed on it.

Dear Merchant,
Action required: Activate login restrictions on your Skrill account.

We would like to remind all merchants that you are required to enable all login restriction tools offered in the "Merchant Tools" section of the Website. This includes restricting the login to your Merchant Account to a single IP address or a range of IP addresses. This functionality is specifically designed to enhance the security of digital wallets used for commercial purposes.

Unless you activate the IP restriction by 12/02/2015 you will no longer be able to use the “Mass Payments” functionality and/or “Send Money” functionality of your Merchant Account.

If you still wish to use these functionalities without any IP login restrictions, then please
click here and carefully read, sign and scan the indemnity letter and return it to your Account Manager or merchantservices@skrill.com.

The kicker there is in the last paragraph - if you don't want the IP address restriction, perhaps because you don't have a fixed IP address (like us), they are asking you to absolve them of any responsibility for any fraud that occurs on your account, even if you have a strong password and 2 factor authentication turned on. This is part of the letter they want us to sign. I'm not even sure that it is legal, as you cannot sign away your legal rights in a contract.

4. In consideration of Skrill activating the "Mass Payments" functionality and the "Send Money" functionality of our Merchant Account without IP login restrictions, we agree to indemnify Skrill from and against all claims, including without limitation third party claims, actions, proceedings and demands which may be brought against Skrill and all losses, liabilities, charges, costs, damages and expenses which Skrill may incur as a result of any unauthorized transactions made in relation to our Merchant Account.

Now you may be thinking that I am adding 2 and 2 and getting 5, but consider this next part. After activating 2 factor authentication on our merchant account, I decided to login and do the same on my personal Skrill account. Nope, the account was locked and I was required to change my password immediately. This is a common response to a breach of security - i.e. change everyone's password and force them to choose a new one next time they log in.

So there you go. For me there is too much smoke for there to be no fire. I am almost certain that Skrill has suffered a security breach but is not telling anyone. I would be interested to know if anyone else out there has recently had their personal Skrill account locked and a password reset forced, or whether this is unique to my account. Because I'm far more likely to get an informative and useful response here than I am by waiting for weeks for Skrill's CS to respond.

3 members gave thanks for this useful post: barbadosslim93, sharpe, coolsongss

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

krcoolsongss
Slots FanSlots Fan
Joined: 2 Dec 2014
Posts: 1343
Thanks given: 865
Thanks received: 611
11 February 2016 - 10:26am
#1

Oh, I can vividly see them trying to shift blames on the account holder. Very bad !!!

And, before, I also find the Support of Skrill very poorly-operating, too.

I hope that all the issues would be resolved without much of problems for your friend.

usbarbadosslim93
Forum Angel
barbadosslim93's picture
Location: Michigan
Joined: 28 Jan 2011
Posts: 9404
Thanks given: 561
Thanks received: 695
11 February 2016 - 3:57pm
#2

Wow. I always thought Skrill was a big name in the money world... I would have figured them to have a lot more security on that security stuff. Is the guy's situation fixed? Does Skrill offer insurance for accounts? I know over here Google Wallet offers insurance through the FDIC for $250,000 on accounts.

Here's hoping it all gets fixed!

1 member gave thanks for this useful post: coolsongss

bgsharpe
Forum Angel
sharpe's picture
Location: Sofia, Bulgaria
Joined: 4 Nov 2014
Posts: 3496
Thanks given: 1123
Thanks received: 358
12 February 2016 - 12:00am
#3

Thanks for the useful info CL-Ed, I've had some issues my self some time ago on other EWallet my account was robbed, couple of times by a hacker but just a small amounts so I guess it's possible to happen on Skrill too. Didn't have any problems there so far my self though.

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7198
Thanks given: 3354
Thanks received: 2710
12 February 2016 - 12:43am
#4

The player's case is ongoing so I won't comment specifically on that until its resolved one way or the other. I have not been able to find any evidence that Skrill insures accounts like FDIC in the USA. They are regulated by the UK FCA, but I can not see whether this necessitates insurance. However their terms state that your own liability in the event of fraud is limited to €50, as long as your account was not compromised deliberately by yourself or through "gross negligence" on your part. So its all very debatable, but with Skrill unable to provide any evidence of how the account was compromised I can't see how they can get out of refunding the player the full amount, as it seems to me that they have lost it through their own negligence.

1 member gave thanks for this useful post: hope777

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

nzMattl
GamblerGambler
Mattl's picture
Location: New Zealand
Joined: 1 Oct 2012
Posts: 89
Thanks given: 15
Thanks received: 71
12 February 2016 - 3:04am
#5

Was wondering yesterday why the password reset and another layer of security. I always thought there security was a little light. Just a simple password to access a more or less bank account.
In the event of fraud their liability is 50. Proves how much faith they have in the system. "Gross Negligence" is a very wide term as well. Almost anything to do with security other then there own can be classified as negligent if anything goes wrong.
Skrill is being very vague since they should be able to track all transactions and link all IP/Account movement at all times wouldn't you think. Definitely sounds like they are trying to cover their own butts.

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7198
Thanks given: 3354
Thanks received: 2710
12 February 2016 - 6:51am
#6

Ok so you also had your account locked and password reset too Mattl?

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

nzMattl
GamblerGambler
Mattl's picture
Location: New Zealand
Joined: 1 Oct 2012
Posts: 89
Thanks given: 15
Thanks received: 71
12 February 2016 - 8:04am
#7

Yup it was locked. I had to request a lost password then got an email to put in a new password. Did the new password and went to log into skrill and had to update if i wanted to use the new second security measure 2-factor authentication. Didn't opt-in for the new security via text code as sometimes it takes a while to receive texts and i want to use skrill 1-tap sometimes

1 member gave thanks for this useful post: CL-Ed

nzMattl
GamblerGambler
Mattl's picture
Location: New Zealand
Joined: 1 Oct 2012
Posts: 89
Thanks given: 15
Thanks received: 71
12 February 2016 - 10:50am
#8

Now that i think about it. I'm not sure if it was LOCKED but my password didn't work after a few tries then i think it locks after too many tries and forced me to reset to unlock my account. I know for sure my pw was correct and the new second layer security wasn;t on my account beforehand.

krcoolsongss
Slots FanSlots Fan
Joined: 2 Dec 2014
Posts: 1343
Thanks given: 865
Thanks received: 611
12 February 2016 - 3:44pm
#9
Mattl wrote:

Now that i think about it. I'm not sure if it was LOCKED but my password didn't work after a few tries then i think it locks after too many tries and forced me to reset to unlock my account. I know for sure my pw was correct and the new second layer security wasn;t on my account beforehand.

I had to change my passwod, too.

As I remember, the message on the login page was instantly shown like "Your account is temporarily locked. Please, reset your passward".

1 member gave thanks for this useful post: CL-Ed

fimet
NewbieNewbie
Location: Finland
Joined: 14 Feb 2016
Posts: 2
Thanks given: 0
Thanks received: 1
14 February 2016 - 8:38pm
#10

Had to register just to comment on this. My account was also hacked (on 10th of February) and some 1000 euros where transferred with two transactions. On the evening of 9th I couldn't log into Skrill after changing my password and on 10th I got an email that my secondary email address had been removed (before the primary was also removed).

Skrill is currently conducting "internal investigations" and from what I'm reading I wasn't the only one affected. This was also apparent then talking with the Skrill representative and they repeatedly told it was very strange that the transfers could be done as my account was in a "restricted" mode (do not know exactly what that means). Now I also see that a new credit card had been added (which I do not own) and the card number was used to "prove" my identity.

So it is quite plausible Skrill had a serious security breach. I didn't either find any signs of trojans or hacking into my email accounts.

1 member gave thanks for this useful post: CL-Ed

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7198
Thanks given: 3354
Thanks received: 2710
14 February 2016 - 10:20pm
#11

Thanks met. I was suspicious before. Your story plus several reports of accounts being locked has convinced me that they have been hacked recently. It is very dishonest of them not to disclose it, but I am not surprised.

I recommend that everybody should change their Skrill password if you haven't done so in the past week or so. And turn on the 2 factor authentication.

Mattl wrote:

Didn't opt-in for the new security via text code as sometimes it takes a while to receive texts and i want to use skrill 1-tap sometimes

Mattl, you don't need to wait for text messages. Download an app for your phone called Google Authenticator. Then in Skrill enable 2 factor and it will show a QR code (like a square barcode) on the screen and using the app you scan it with your phone's camera. The app then creates an entry that generates codes every 30 seconds or so. So when you want to log in you just open the app and enter the corresponding code, no need to wait for a SMS.

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

bgsharpe
Forum Angel
sharpe's picture
Location: Sofia, Bulgaria
Joined: 4 Nov 2014
Posts: 3496
Thanks given: 1123
Thanks received: 358
16 February 2016 - 11:11pm
#12

Yeah it really sounds worrying especially after I've read a met comment, hopefully Skrill will compencate all the affected customers but maybe the scariest thing is that probably in the company itself they didn't know how exactly this all happens. Obviously meanwhile we all have to set those extra security measures.

usRamy Delaimi
NewbieNewbie
Ramy Delaimi's picture
Joined: 17 Feb 2016
Posts: 4
Thanks given: 0
Thanks received: 2
17 February 2016 - 8:49pm
#13
met wrote:

Had to register just to comment on this. My account was also hacked (on 10th of February) and some 1000 euros where transferred with two transactions. On the evening of 9th I couldn't log into Skrill after changing my password and on 10th I got an email that my secondary email address had been removed (before the primary was also removed).

Skrill is currently conducting "internal investigations" and from what I'm reading I wasn't the only one affected. This was also apparent then talking with the Skrill representative and they repeatedly told it was very strange that the transfers could be done as my account was in a "restricted" mode (do not know exactly what that means). Now I also see that a new credit card had been added (which I do not own) and the card number was used to "prove" my identity.

So it is quite plausible Skrill had a serious security breach. I didn't either find any signs of trojans or hacking into my email accounts.

Hello guys,

I'm going through rough times because someone hacked my Skrill account. Yesterday Feb,16,2016 I logged into my Skrill and found that $3,800 was missing. I contacted Skrill CS.right away to report it; after reviewing the unauthorized transactions and talking to the VIP CS.I have determined the following:

• Password was not changed.
• The money was taken early morning on Feb,16, 2016 between 4-5 AM while I was sleeping!
• 8 unauthorized transactions wiped out my account.
• There were no failed login attempts!!
• Thief Sent me 1 transaction from different Skrill account & transferred it back to another account. I don't know Why?
• After I reported the unauthorized transactions; Skrill Security Dept. managed to return $528 to my account & the rest of the money I was told " it might be OUT OF SKRILL SYSTEM and cannot be recovered"!!!!
• My email was not hacked/breached & I have strong passwords. As for Skrill password I have changed it 2 weeks ago, but solely Skrill account appeared to be hacked; How did the hacker/thief gained access to my account? Still unknown!!
• I have an updated Antivirus, & Deep Freeze application to protect hard drive integrity on my computer, so I'm 110% certain that my computer hasn't been hacked!
• All my previous transactions in the past 90 days were from the same IP address, but yesterdays transactions were from different IP as I was told, Doesn't that raise a flag of suspicious transactions and ban my account temporarily?? That didn't happen!
• Since I'm VIP member and being victim of fraud I thought I was covered 100%, but I was told you won't qualify for "100% money back guarantee" I asked:" Why?" She said: "because you don't have a token", which btw no one from Skrill ever told me about the device or emailed me, I have argued on this particular issue with VIP rep. I asked her: "How much does cost for the token?" She said: " It doesn't cost you anything, in fact any VIP customer receive their first Token free of charge ", I said: " Okay, no one in the right mind would reject a free extra security gadget/ item if he/she was offered one. Right?" She said:" I guess you are right & I see your point", I said: "If I had have known about it I would have order it." She said:" I will contact our marketing team to launch better marketing campaign on this issue, but as for your case we cannot apply 100% money back it was your responsibility to protect your account by having a token" for the next 20 minutes of the telephone call I have started comparing Skrill security measures against Paypal, local banks...etc, I asked her simple security measures for example: Why don't you have randomly security questions for withdrawal similar to Paypal? Why don't you have withdrawal Verification Code SMS/Email notification? you guys don't have any of it, yet I'm held responsible!! It was useless chat because at the end she said: " I'm sorry to have DISAPPOINTED you, & we will take your suggestions into consideration" !!!! (She sounded like I have lost $38 only not $3,800) Erm
I called them today for updates & I was told not to call regarding this case as it has been handled by a different dept. (Complaint Dept) & you should receive a response within 8 weeks !! Angry
I think these people are one of the worst in CS I have ever dealt with, bad attitudes, careless, & cold hearted!
What should I do? What should be my next course of action guys? Confused

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7198
Thanks given: 3354
Thanks received: 2710
18 February 2016 - 12:00am
#14
Quote:

Thief Sent me 1 transaction from different Skrill account & transferred it back to another account. I don't know Why?

This! The player I am helping had the exact same thing happen. The thief sends them a small account from one of the accounts they control. I presume they do this so that the larger outgoing stolen transaction will not be flagged when it is sent to the same address.

I believe that this is huge and that they have a major security breach that they are not disclosing. To be clear I know they only recently disclosed that they and Neteller got hacked 5 or 6 years ago, but I am talking about a new compromise of their security.

If they refuse to pay you can contact the financial services Ombudsman in the UK. I have read of people successfully getting their money back from Skrill when using this process. In the case that I have been assisting with the UK police have been contacted but they have proved to be not so helpful.

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

usRamy Delaimi
NewbieNewbie
Ramy Delaimi's picture
Joined: 17 Feb 2016
Posts: 4
Thanks given: 0
Thanks received: 2
18 February 2016 - 4:03am
#15
CL-Ed wrote:

If they refuse to pay you can contact the financial services Ombudsman in the UK. I have read of people successfully getting their money back from Skrill when using this process. In the case that I have been assisting with the UK police have been contacted but they have proved to be not so helpful.

Thanks for your reply Cl-Ed
I wish I had read this forum before sending large cash to my Skrill account ((
I have noticed that most negative members feedback were stating clearly "No fraud screening in place", "Poorly managed & Disorganized CS"
Since I reside outside the UK, Do you think financial Ombudsman-UK can assist non-resident individual?
Skrill asked me Whether I reported this incident to the Police or not? & I have told them:"Yes. I have, but the local Police refused to take my report due to this type of crime is beyond their jurisdiction." if later on they insist of having a Police report Where do you think I can file one?
Thanks

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7198
Thanks given: 3354
Thanks received: 2710
18 February 2016 - 4:55am
#16

Yes, from memory I read of at least one person who said that the Ombudsman was able to compel them to refund the stolen amounts, even though they were not a UK resident.

Re the police, the player I have been helping contacted the UK city of London police. They more or less advised the player to contact the local police in their own country and to pass on his contact details so the two departments could liaise if necessary.

I'm going to send you a private message with the police officer's details. You never know, a few complaints come his way about the same thing and they might start to realise that this is more widespread than a couple of isolated occurrences.

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7198
Thanks given: 3354
Thanks received: 2710
19 February 2016 - 1:14am
#17

This morning I try to log into our CL Skrill account which I logged into a few days ago to turn on the two factor authentication and guess what... account locked, password reset required. I'm still sitting here waiting for an SMS code to arrive that will supposedly allow me to get in and change the password.

Skrill are a complete shambles.

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

fimet
NewbieNewbie
Location: Finland
Joined: 14 Feb 2016
Posts: 2
Thanks given: 0
Thanks received: 1
19 February 2016 - 7:40am
#18

An update on my case. Skrill managed to get some 400e back from the two unauthorized transactions (as the money was still in the Skrill system) and now says that my case is "solved".

Late last year Forbes wrote two articles on Skrill and Netteller hacks (turn off adblock to read):
http://www.forbes.com/sites/thomasbrewster/2015/11/05/optimal-payments-h...
http://www.forbes.com/sites/thomasbrewster/2015/11/30/paysafe-optimal-ne...

Quote:

Today, the newly-branded Paysafe Group confirmed in a London Stock Exchange announcement those figures were a little higher than the reality, saying information related to 3.6 million Neteller accounts and 4.2 million Skrill users were leaked. Both related to 2009 and 2010 attacks previously detailed by FORBES. The Neteller attack involved an exploit of a vulnerability in the Joomla content management system, whilst the Moneybookers breach saw a virtual private network (VPN), designed to provide secure access to the firm’s network, hacked and a transaction database accessed.

Paysafe said that only two per cent of affected customers – 156,000 – “were active in the six months to 1 November 2015″. Paysafe added that it was “not aware of any similar breaches” since the attacks. A spokesperson said customers were being informed of the latest findings.

I am totally convinced that Skrill was hacked, not us. The clerks at the help desk will attempt to say that we are not entitled to full compensation for unauthorized transactions (because the token was not used), but the Forbes story explicitly says that 1) Skrill was hacked and 2) many hacked accounts were still in use late last year. One can of course argue that if the company's production database is hacked via VPN, even the token would not have provided full protection.

Any legal experts (preferably from UK) here?

rubetty
GamblerGambler
betty's picture
Joined: 30 Dec 2015
Posts: 50
Thanks given: 16
Thanks received: 17
19 February 2016 - 9:45am
#19

This is a really big deal! Is this not front page news? I know when that new payment app Venmo came out everyone was talking about it and using it. And then a few months later it was spread throughout the news that Venmo's security was not strong enough and people's credit card information was getting leaked. Now, Skrill deals with a lot more money than a small start-up app like Venmo. What can be done to protect your money and your rights?

usRamy Delaimi
NewbieNewbie
Ramy Delaimi's picture
Joined: 17 Feb 2016
Posts: 4
Thanks given: 0
Thanks received: 2
20 February 2016 - 7:00am
#20

I have gotten in touch with Financial Ombudsman yesterday thanks to CL-Ed Thumb Up , & they were happy to accept my complaint; not only that, but the agent wrote to Skrill letting them know I have made a formal complaint! hope that will shove the complaint directly under the noses of Skrill's executives & reimburse me immediately!
On the other hand I would like to take our complaints further to fight for our rights as customers by taking our stories to the UK media i.e Daily Mail, The Sun, I think Journalists would have tremendous interest to hear our stories, will highlights for example poor security system & how that effected us in losses and might effect potential victims, careless CS and any other serious issues. I will be the first to report, Who is up for it? BTW I know it's hard to get a reporter’s attention, but as they say 'You never know until you try” What do you guys think?

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7198
Thanks given: 3354
Thanks received: 2710
22 February 2016 - 3:42am
#21
betty wrote:

What can be done to protect your money and your rights?

First I would stop using Skrill if you can. I am certainly attempting to move away from it as much as possible. If that isn't possible, then make sure you enable the 2 factor authentication and use a strong, randomly generated password.

I definitely think contacting newspapers is worth a try.

I know they were hacked several years ago, but unless you have had the same password the whole time I doubt this time it is related to that. In the case I have mentioned, the person did not have a Skrill account at the time the previous hack happened so that can't be blamed this time. I really believe that they have ongoing security problems right now.

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

usdreamylatoni
FreerollerFreeroller
Joined: 22 Feb 2016
Posts: 6
Thanks given: 0
Thanks received: 4
22 February 2016 - 7:17am
#22

Sad thing is, even with even more sophisticated ways to deal with hacking and fraud, those people will always find a way to get into accounts. If only there's a way to stop them from evolving.

Nothing is safe any more. Cry

usRamy Delaimi
NewbieNewbie
Ramy Delaimi's picture
Joined: 17 Feb 2016
Posts: 4
Thanks given: 0
Thanks received: 2
22 February 2016 - 1:13pm
#23

Hey guys

Update! I learnt that Skrill is regulated by the Financial Conduct Authority (FCA), so this morning I have gotten in touch with them to make a complaint and to investigate; I was told in order to make further investigation on Skrill security measures, and how they protect their clients data from fraud they require more complaints, so they are urging anyone who is/ was victim of Skrill Hacking to contact:
Financial Conduct Authority (FCA)
Tel; 8001116768 from the UK or +44 207 066 1000 from overseas
Email: consumer.queries@fca.org.uk

P.S Currently I have an open case with them!

2 members gave thanks for this useful post: CL-Ed, CL - klaw

rubetty
GamblerGambler
betty's picture
Joined: 30 Dec 2015
Posts: 50
Thanks given: 16
Thanks received: 17
26 February 2016 - 9:27pm
#24

I'm glad that you found an outlet for your case to be handled and please provide updates if the status changes

uaSergey Kolesnichenko
NewbieNewbie
Sergey Kolesnichenko's picture
Joined: 4 Mar 2016
Posts: 1
Thanks given: 0
Thanks received: 1
4 March 2016 - 8:29am
#25

Skrill has been definitely hacked. I have 7 years experience in e-commerce, lots of cards in the wallet, bank accounts etc. The only account I ever lost money on was Skrill.

We used them as a payment GW. Somewhere in September 2015 I've noticed the merchant account lacks 2000+ USD. They have been withdrawn to other Skrill accounts and then I think cached out using ATMs.

My ticket where I demanded to give me more details of the person who hijacked the money has not been resolved, but additionally I wrote them a message with complete list of measures they need to implement in order customers feel safe (IP restrictions, 2 factor auth, anti brute force measures etc) from that moment I noticed they follow my list and implement things.

Today we are closing the account and I've started to use the card to withdraw the money. After I made one withdrawal (ATM is in Europe, no skimmer guaranteed) one week later I came to an ATM and saw I've reached daily withdrawal limit. I did not believe my eyes, but I was ready I will lack the money again.

I came home and checked the account. Someone has withdrawn the money just 15 minutes before my attempt and that withdrawal was from... Ho Chi Minh. I never used my card in Asia, I was very rare to use my card to buy something. The withdrawal has happened using ATM, so it should be a physical card available, but it is my hand (deactivated already, but still I have that useless piece plastic in my wallet).

Now I have another ticket with them, but in my opinion they should not be considered a trusted company any more. I hope they resolve all issues, but I'm waiting they will return the money to the accounts. As I understand I'm not the only one who has suffered from them much.

1 member gave thanks for this useful post: CL-Ed

hkblueyon
FreerollerFreeroller
Joined: 5 Mar 2016
Posts: 7
Thanks given: 0
Thanks received: 2
5 March 2016 - 8:43am
#26

My account was hacked 23rd Jan, lost around 40,000 USD. I'm not a gambler and never had a gambling account.

I had changed my password in late December.

I dont understand why skrill is telling people to IP restrict their accounts otherwise sign an agreement that indemnifies them of responsibility!

Most people get their accounts hacked via a Trojan that has infected their PC, this allows a hacker to taker over the PC install key loggers and remote PC control. So even if the IP's where restricted how is this going to stop a hacker that will be using your own IP from your own computer?

So my guess is there has been a big security breach and user data has been stolen.

So far Skrills response from their staff is to blame the victim and have them sign an agreement that indemnifies them of responsibility!

Why did it take 5 years when 7.8 millions users records where compromised in 2010 to announce it?

It is currently unclear as to whether or not player balances held by Skrill are insured by the UK FCA (Skrill is headquartered in the UK) against fraud.

I guess not!

2 members gave thanks for this useful post: CL-Ed, betty

hkblueyon
FreerollerFreeroller
Joined: 5 Mar 2016
Posts: 7
Thanks given: 0
Thanks received: 2
6 March 2016 - 6:15pm
#27

please report your stories here:

http://www.skrillvictims.com/

auCL-Ed
StaffStaff
CL-Ed's picture
Location: Sydney
Joined: 7 Sep 2007
Posts: 7198
Thanks given: 3354
Thanks received: 2710
6 March 2016 - 11:53pm
#28

This is disturbing news as the problem is clearly not isolated to only a couple of instances. Thanks for posting folks. As far as I am aware the player I wrote about initially is still waiting on the Skrill "security team" to finish analysing their case. Based on the evidence of their pathetic lack of security, I suspect the Skrill "security team" is probably one overworked guy and 2 schoolkids doing work experience.

1 member gave thanks for this useful post: betty

Always play it safe! Consult our list of rogue casinos and warnings before depositing.
Every comment you make in our forum earns you CLchips which can be used to buy real prizes in our CLchips shop!

bamilanka1982
FreerollerFreeroller
Location: Sarajaevo
Joined: 9 Mar 2016
Posts: 7
Thanks given: 0
Thanks received: 1
9 March 2016 - 9:39am
#29

I havent same problems few years ago, now I use Neteller. But, he is also very unstable!

rubetty
GamblerGambler
betty's picture
Joined: 30 Dec 2015
Posts: 50
Thanks given: 16
Thanks received: 17
10 March 2016 - 1:13pm
#30

I use Neteller too, but that kind of advice isn't helpful retrospectively.

@blueyon, I don't see many users, stories, or indicators of credibility on that "skrillvictims" website. Are you a moderator of the site?

Post new comment

Have something to say? Agree or disagree? Tell us what you think!

Login using your social network account
Or log in with a Casino Listings account

Login or register to post comments

Registering for an account takes less than a minute and you will be brought right back here to comment afterwards.

Share this