PokerTracker Online Poker Software Hacked
The news came from an unlikely source. An anti-malware software company discovered and wrote a detailed account of PokerTracker software being hacked.
PokerTracker is one of the best-known online poker software companies in the business. It launched in 2001 and quickly became a favorite tool for hold’em players during the poker boom.
As players took to the online tables in droves, they sought every edge they could get over their competition. PokerTracker’s software helped players analyze their own play and that of their opponents. It could be used for cash games, SNGs, or multi-table tournaments. And as the company grew, they expanded to Omaha as well as hold’em applications.
As HUDs like PokerTracker are banned on many sites in today’s online poker environment, they are not as popular as a decade ago. However, the company still holds information from former players. The database of poker players is likely fairly sizeable.
This makes a hack of PokerTracker even more concerning.
Initial Report by Malwarebytes
Malwarebytes produces anti-malware software. And in order to do so, the company employs researchers and stays on top of internet malware news. It posts on its Malwarebytes Labs blog.
That’s how the news was disseminated that PokerTracker had been hacked.
The news did not come from PokerTracker itself. In fact, the company has yet to even address the issue on social media.
How It Happened
Magecart is a group of credit card skimmers who browse the internet with malware and access databases to obtain customers’ credit card information.
As Malwarebytes researchers were monitoring Magecart activities, they came across a domain issue with PokerTracker 4 when Malwarebytes wanted to block a connection to the software application.
After analyzing the data and network traffic, they recognized attributes of a credit card skimmer.
It seems that the skimmer was customized specifically for the PokerTracker website. In fact, upon further investigation, they discovered yet another skimmer being used at PokerTracker. Researchers noted that it was possible because PokerTracker was running Drupal for its root domain and subdomain, and Drupal is “outdated and vulnerable.” That made it easily hacked.
And every time a player launched PokerTracker 4, the website that loaded was compromised. Even users that went directly to the PokerTracker website were exposed to the skimmer.
— Panorays (@panorays) August 26, 2019
Response from PokerTracker
Malwarebytes contacted the owners of PokerTracker. According to the Malwarebytes writer, PokerTracker “rapidly identified the issue and removed the offending Drupal module.” In addition, PokerTracker said they tightened their content security policy to help mitigate further attacks.
Within just a few days of the Malwarebytes blog post, Haley Hintze of Flushdraw was on the case.
Hintze noted that PokerTracker was interacting with customers on discussion forums but had yet to make an announcement about the hacking and any resulting credit card vulnerabilities for its customers.
PokerTracker Exec Confirms Credit-Card Hack Occurred at Start of 2019https://t.co/HYaZ1Jjq96
— Flushdraw (@FlushdrawPoker) August 27, 2019
More than one week later, there are still no statements on the PokerTracker website or social media accounts.
However, there was a post on the PokerTracker and TwoPlusTwo forums. It was from a person named Derek Charles, employed in some way by PokerTracker, it seems.
He confirmed that the Drupal module contained a “security vulnerability which allowed an attacker to inject an XSS attack into the footer of the PokerTracker website.” He noted that they disabled the module and took more steps to tighten security.
Ultimately, after internal research, PokerTracker did discover the following:
–The attack specifically targeted PokerTracker.
–The original attack took place between December 23, 2018, and January 2, 2019.
–Stolen credit card information seemed to be the goal, but PokerTracker cannot confirm or deny if the hackers were able to obtain any credit card or billing data.
–PokerTracker doesn’t save or store credit card or billing data on its servers. However, they estimate that “the number of affected customers is in the low thousands,” and those people are being notified.
–PokerTracker 4 has never been compromised.
–Customers are advised to change passwords, though PokerTracker does not believe usernames and passwords were stolen.
Ultimately, Charles did issue an apology.
“We regret that this incident has occurred and sincerely apologize that it has taken us three weeks to properly assess the score and severity of the damage to notify potentially affected customers. This is the first time that we have had a major security incident, and we have learned a lot during this process that we can improve upon.”
It should be noted that most companies that experience any kind of hacking or data compromise typically offer credit card protection services to their customers at no cost. PokerTracker has not offered any assistance except to advise that affected customers contact their credit card companies to report fraudulent charges.