BE ALWAYS REMINDED TO USE THE 2FA @ FORTUNEJACK, SOMEONE JUST STOLEN 1.3 BTC FROM MY ACCOUNT BY SIMPLY CHANGING MY EMAIL AND PASSWORD AND ASKING FOR A WITHDRAWAL, AND YOU CAN'T DO ANYTHING WHEN BOTH OF YOUR MAIN LOGIN DETAILS ARE CHANGED BY SOMEONE THAT FOUND A WAY TO VIOLATE THE LOGIN SCRIPT!This is the unauthorized transaction:
https://blockchain.info/tx/1100c8f694dffb0d9c3a0613eaecff142951d79c079847c01143fa031fefbe80Unfortunately, just like many other Bitcoin based gaming websites, FortuneJack does not ask any confirmation when you want to change your email or your password, that's why having the 2FA is more than necessary here. Sadly I must add that even if the affiliate manager is quite kind and always ready to answer, she always need to bring your requests to the support team, and they have a different behavior. I know that today in Georgia is christmas, but I've made a question the 18 December that is still pending, we were kindly discussing about how affiliate royalties are calculated, routine questions that they stopped to answer after a couple of emails...also no one is getting back to me yet for what concern this serious security issue, and I'm not even asking for a refund or something like this, I'm just trying to understand what's going on here, no one ever found a way to enter inside one of my affiliate accounts in 12 years, and I hardly doubt that in this case they just found my password.
Don't misunderstand me, I don't think that the staff behind FortuneJack is in bad faith, they also have great ideas and a lot of well managed services, but for sure is not easy to "comunicate" with them, as an affiliate I'm simply expecting to go straight to the point every time we are discussing about something specific, and I have the feeling that is quite hard to achieve this, maybe more time and experience will help them to improve this fundamental aspect, and maybe I'm too specific too, while they have to deal with several different people all the time.
Anyway, since who opened a breach inside my account was probably a Bot, I don't think that I'm the only one at risk, so keep an eye to your affiliate earnings, especially in the paydate, I repeat: this login system itself isn't safe at all without the f2a, they stolen almost 600$ form my account, and they exactly knew the right time to do that.
P.S: If the thief is reading this post I'd like to exchange a couple of words in pvt...I'm still a dreamer, i know, but I hope anyway that this post can be useful to avoid any future incident like the one I've just experienced.
We have carefully read your letter and would like to share our understanding on this matter. We are not quite sure we agree with you when you state that we do not ask any confirmation when a user wants to change either email or password. Prior to making any change, we always ask to send us their wallet ID as well as the transaction made by the submitted wallet ID. We inquire wallet ID from the user when the latter cannot remember the email or registers not indicating the email. We do this because we want to make sure that this is the valid user that wants to make change to his/her personal information.
Secondly, we always urge our users to enable google authentication service 2FA. No user has ever complained about account insecurity that had enabled 2FA. When an authorized user is on the site no one else can wager or withdraw bitcoins from the amount system the system loges off immediately. Pivotal issues here is that many gamblers very often share their personal information to the third parties, namely using various Bots that use their username and pass, using VPN systems that logs user pass and this is turn leads to an extremely dramatic consequences such as hacking user account.
Please believe us that we have been working very hard to make our system secure in fact, we have spent tremendous effort to make that feasible. We simply cannot accept that statement from you that our security system is vulnerable to hacking and in fact, our support agents refrain inquiring additional information prior to making any changes.
The user/gambler is always responsible for his personal account. One should always bear the responsibility of submitting the personal information to the third party, which always triggers unpredictable and devastating effect to their account.
We sincerely regret that your account has been hacked, however, we are far from the idea that our system and our support team malfunctions when it comes to the security of our customers.
