Topic: Stake.com - The Leading Crypto Casino - Drake, UFC, Everton, Alfa Romeo F1 Team - page 336. (Read 282494 times)

legendary
Activity: 2954
Merit: 1155
Leading Crypto Sports Betting & Casino Platform
I don't know if he really managed to collect such a big amount of money but we can't say it's not possible, since the 2fa key is the same one for login and for withdrawing funds at Stake. 2fa codes change every thirty seconds and are usually accepted during 1 or 2 minutes by websites, so if one phished user enters his 2fa code to try to log into the fake Stake home page, the hacker can steal his code and use it during several dozens of seconds and even minutes to enter the victim's account and to withdraw their funds.


Stunna has answered our question: no funds or KYC were stolen because the hacker only managed to get into the email, not into the place where important data is stored.
Regardless of whether the statement can be trusted or not, what is clear is that we still have to take precautions; changing the password and activating 2FA is the most appropriate solution at this time. However, this is a warning to stake.com to continue to improve security; problems like this are very damaging to user trust.
legendary
Activity: 2688
Merit: 1262
"Don't take it today. It's not fresh. Better come in 2 days when we have a new supply.", or a seller saying:"You better buy this thing in a store around the corner, it's cheaper there.", and stuff like that.
Did you know.

You can check the things you are buying with your own check. The seller selling a fish said it is fresh, and I can still check it myself (how to check whether a fish is still fresh or not) based on a few checks on the fish.

The main point is, there is still no third parties machine who can check the reality is the RTP on Demo & Real is the same. @panjul07 is also giving good points as well for this case, is up to you to believe it or not (But I still not believe)
---
If you said, we the person who are not believe the RTP is not same (Feel free to prove it). Can we also ask the person who are believe the RTP Demo & Real is also prove it by creating a machine check from third parties (Like hash game).

That's why I said, this is still the hottest topic without a valuable answer on the slot community.
legendary
Activity: 3500
Merit: 1354
I'm positive that the RTP of DEMO mode and REAL mode are the same among the slots by reputable providers. If someone can prove the opposite, please do so.

I think there is no need to argue about this thing further; both sides who believe that the RTP is different can't prove it, and you, as one of those who believe that the RTP is the same, also can't prove it.
It is all about feeling based on our own experience IMO, even if there is official announcement directly from the provider, I still believe that those who experienced better result in demo mode than real mode will still think that the RTP is different.
legendary
Activity: 2604
Merit: 2353
Same here, I haven't checked my email since I don't have much activity on stake this past few weeks.  I could say that my idleness saves me from possible phishing attempts.  Though it is quite surprising that $10m is stolen from hacked accounts.  Aren't they activating their security options?  This is just a user data breach and not an internal system hack, so it is somehow impossible to lose a significant amount due to phishing if 2fa and other security feature is enabled by the account.
Yes, it's a bit dubious somehow he collected $10 million whereas every account that has a balance must have double security like 2fa or OTP
I don't know if he really managed to collect such a big amount of money but we can't say it's not possible, since the 2fa key is the same one for login and for withdrawing funds at Stake. 2fa codes change every thirty seconds and are usually accepted during 1 or 2 minutes by websites, so if one phished user enters his 2fa code to try to log into the fake Stake home page, the hacker can steal his code and use it during several dozens of seconds and even minutes to enter the victim's account and to withdraw their funds.

Quote
Because of possible clock drifts between a client and a validation server, we RECOMMEND that the validator be set with a specific limit to the number of time steps a prover can be "out of synch" before being rejected.

This limit can be set both forward and backward from the calculated time step on receipt of the OTP value.  If the time step is 30 seconds as recommended, and the validator is set to only accept two time steps backward, then the maximum elapsed time drift would be around 89 seconds, i.e., 29 seconds in the calculated time step and 60 seconds for two backward time steps.
https://www.ietf.org/rfc/rfc6238.txt
legendary
Activity: 3514
Merit: 2246
🌀 Cosmic Casino
-snip-
If you are asking the guy who provides you the service.

Of course, they're gonna say that, because it is a business scheme (you never say anything bad about your product). But if you ask a regular person, they're gonna tell you different things.

If there is some machine that lets us (regular people) verify that the RTP and other things are the same, we will believe that, just like "Probably fair" for hash games, where we can verify the result by our own check.

It is not necessarily so. Maybe I'm lucky, but I often encounter a food retailer in a store who tells me: "Don't take it today. It's not fresh. Better come in 2 days when we have a new supply.", or a seller saying:"You better buy this thing in a store around the corner, it's cheaper there.", and stuff like that.

I'm actually a bit shocked to read "Of course, they're gonna say that". You mean they would surely be lying, because they are part of the industry? That would be a shitty world to live in, don't you think?



I'm positive that the RTP of DEMO mode and REAL mode are the same among the slots by reputable providers. If someone can prove the opposite, please do so.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Interesting read. I had basic programming knowledge but all are old school. It was always a wonder for me to validate an email knowing it can be sent using any script until now. Anyway, now I can at least check the emails I continuously receive from Ledger and all the exchanges with offers that are almost irresistible to deny LOL

Quote
Stunna confirmed that the email was sent from their hacked SendGrid account, so the emails would have looked real to email providers and users.
Not always active in the thread so I was unaware about the SendGrid hack too.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
I just want to know how we can verify that emails that were sent from Stake... are actually legit emails... since Stake's own service was compromised? I know #Stunna is saying that it is all sorted, but we should think of ways to prevent this in future.

I am just happy that our Stake users are so quick to respond in the English Chat when emails are sent out... and also that the mods in those channels are responsive when people ask questions. (So my advice... ask in the chat before you click on an email, even if it is from Stake.)
legendary
Activity: 2772
Merit: 3284
Has Stake been hacked? I received what looks to be a valid email from [email protected] (email headers match - it's not simple spoofing), with the subject "Stake: Welcome to the new VIP program!" and a body offering more bonuses. Clicking the link, I get redirected to http://sso-stake.com, which is currently offline and definitely doesn't look like an official Stake domain. The domain was just registered today going off of whois records, so I suspect whatever platform Stake uses for email marketing might have been hacked and used for a phishing campaign.
I don't understand the bold font text I marked but if you give me a random email address to send you an email with a test email address to receive the email, I can send you an email from the random email account. 😉

With a php/html form anyone can do it easily. The other possibility could be that it is indeed a new domain bought by Stake to use for their newsletter. Either way, the Stake team can confirm it as it has been noticed.

This is a good article about email headers: https://www.valimail.com/blog/understanding-email-authentication-headers/

While you can use forms to spoof emails, they will not validate and almost all providers should send them immediately to spam. Stunna confirmed that the email was sent from their hacked SendGrid account, so the emails would have looked real to email providers and users.
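
An added example, not part of the thread: a Python triage check for the situation described in the post above, where a message passes SPF, DKIM and DMARC because it was sent through the sender's own email-service account, so the remaining signal is a link that leaves the sender's domain. The sample message is constructed; its addresses, receiving host and URL paths are made up, and only the subject line and the two domains come from the thread.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message (not a real capture).
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.stake.com;
 dkim=pass header.d=stake.com;
 dmarc=pass header.from=stake.com
From: Stake <noreply@stake.com>
Subject: Stake: Welcome to the new VIP program!
Content-Type: text/plain

Claim your bonus: http://sso-stake.com/vip
Terms: https://stake.com/policies/terms
"""


def auth_results(msg) -> dict:
    """Return e.g. {'spf': 'pass', ...} from Authentication-Results.
    Only trust this header when your own receiving server added it."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))


def from_domain(msg) -> str:
    match = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return match.group(1).lower() if match else ""


def foreign_links(msg) -> list:
    """Hosts linked in the body that are neither the From domain nor a
    subdomain of it (a look-alike such as sso-<brand>.com is foreign)."""
    sender = from_domain(msg)
    hosts = []
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if host != sender and not host.endswith("." + sender):
            hosts.append(host)
    return hosts


def triage(raw: str) -> dict:
    msg = message_from_string(raw)
    results = auth_results(msg)
    return {
        "authenticated": all(results.get(k) == "pass"
                             for k in ("spf", "dkim", "dmarc")),
        "foreign_links": foreign_links(msg),
    }
```

For the constructed sample, `triage(SAMPLE)` reports the message as authenticated and still flags `sso-stake.com`, which is why header checks alone did not catch this campaign.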
legendary
Activity: 1946
Merit: 1026
In Search of Incredible
Yes, it's a bit dubious somehow he collected $10 million whereas every account that has a balance must have double security like 2fa or OTP
Maybe the hackers have made the false claim to attract people to buy Stake's Sendgrid email dump. The Stake team has said that users' funds weren't affected by this phishing attempt. We haven't seen any complaints in the forum about fund loss after this phishing attempt. Now I have doubts about the hacker's claim. Because the hacker needs the login OTP code to access the account of a user, then they need the withdrawal OTP code to request a withdrawal successfully. The hacker won't be able to withdraw user funds without having access to the user's email.
member
Activity: 2464
Merit: 57
Primedice.com & Stake.com
[$10,000] Highest Odds |November |Sports Challenge



Win a bet with the highest total odds you can! (if you win a bet with higher odds you can edit your post with it)
The minimum bet amount is set at 1$ (in any coin)
The table will be updated once a day.

Giveaway's Topic: https://stakecommunity.com/topic/64006-10000-highest-odds-november-sports-challenge/
legendary
Activity: 3192
Merit: 1279
Primedice.com, Stake.com
If you have been recently active you may have been confused about an official looking stake email in your inbox regarding VIP rewards.

The email was sent by a rogue individual who managed to get access to Stake's Sendgrid account. We are continuing to investigate with Sendgrid how 2FA was bypassed and access was obtained but we will share what we know in the meanwhile.

- There's a chance that a group of Stake users who were recently active may have their Email address available to this individual. Please note that there is no other associated information linked to these Email addresses. It would be simply a raw Email, unlinked to even a username or any form of identity. As a result we deem this to be a minimal risk threat.

- No user funds, passwords, KYC, or Stake accounts were affected. The phishing website was taken down within minutes and as a result no damage was incurred. We are very lucky we have quick notifications around this & a great relationship with hosting companies.

We will have further information available soon. As always if you require specific help please contact your VIP host or our live support.

In the meanwhile we ask that you always make sure you are logging in on "stake.com" and set 2FA.
legendary
Activity: 2954
Merit: 1155
Leading Crypto Sports Betting & Casino Platform
any estimation how many and how much funds were stolen with the last email hack thing ?

We will never get a real estimate before stake.com announced it and it looks like Stake.com will not do it for privacy reasons
Based on unofficial sources Hackers managed to steal 430K customer data  including email and maybe also KYC information
Another source said they stole at least $10 million from the hacked account, but this one is rather difficult to believe.
Luckily I was late to check the email and not click on the link sent to my email.

Same here, I haven't checked my email since I don't have much activity on stake this past few weeks.  I could say that my idleness saves me from possible phishing attempts.  Though it is quite surprising that $10m is stolen from hacked accounts.  Aren't they activating their security options?  This is just a user data breach and not an internal system hack, so it is somehow impossible to lose a significant amount due to phishing if 2fa and other security feature is enabled by the account.

Yes, it's a bit dubious somehow he collected $10 million whereas every account that has a balance must have double security like 2fa or OTP
Indeed there are some users who do not enable 2FA for example me, but I never leave a balance in the account, I definitely withdraw it when I want to log out

oh @Stunna already clarified this issue at least this clarification relieved us, it is undeniable that this case will harm stake.com.
sr. member
Activity: 697
Merit: 253
Same here, I haven't checked my email since I don't have much activity on stake this past few weeks.  I could say that my idleness saves me from possible phishing attempts.  Though it is quite surprising that $10m is stolen from hacked accounts.  Aren't they activating their security options?  This is just a user data breach and not an internal system hack, so it is somehow impossible to lose a significant amount due to phishing if 2fa and other security feature is enabled by the account.

Correct me if I'm wrong but I believed that verified Stake account users can't change their email used on the registration. Therefore, even if a user's account got compromised and their Stake account login details were input on a phishing site, the hacker can't just do anything on that Stake account.

By default:

- an email code is needed for a successful login
- withdrawals also need an email code if 2FA is not activated

Not unless the email login details were compromised, that's another story.
legendary
Activity: 3052
Merit: 1281
Get $2100 deposit bonuses & 60 FS
any estimation how many and how much funds were stolen with the last email hack thing ?

We will never get a real estimate before stake.com announced it and it looks like Stake.com will not do it for privacy reasons
Based on unofficial sources Hackers managed to steal 430K customer data  including email and maybe also KYC information
Another source said they stole at least $10 million from the hacked account, but this one is rather difficult to believe.
Luckily I was late to check the email and not click on the link sent to my email.

Same here, I haven't checked my email since I don't have much activity on stake this past few weeks.  I could say that my idleness saves me from possible phishing attempts.  Though it is quite surprising that $10m is stolen from hacked accounts.  Aren't they activating their security options?  This is just a user data breach and not an internal system hack, so it is somehow impossible to lose a significant amount due to phishing if 2fa and other security feature is enabled by the account.
legendary
Activity: 2688
Merit: 1262
-snip-
If you read the announcement, it is about phishing.

So, from my perspective, the data that has been leaked is mostly the customer emails of "Stake". However, whose data has been leaked is still unknown (for example, whether their "Email" provider for sending promotions and other things got leaked).

There is no personal information is being leaked, only Email.
hero member
Activity: 2198
Merit: 575
Such a sad situation but also not an unexpected one. Websites such as Stake are always in the crosshairs of hackers, which means that 100% of the time, 24/7, there are people trying to hack these websites, and eventually, they do end up hacking into them. It could be for money, but if they can't get any money, they would be glad to get KYC and data from the customers to sell later.

If you know the right buyer, nearly half a million gambling emails stolen from stake could be worth a gold mine, because you can sell it to other big-name casinos and they could use it to send emails to people to convince them to switch to their casino instead. So if they got any money, hackers wouldn't really care about that part, the data is the thing everyone loves these days.
full member
Activity: 1092
Merit: 227
any estimation how many and how much funds were stolen with the last email hack thing ?

We will never get a real estimate before stake.com announced it and it looks like Stake.com will not do it for privacy reasons
Based on unofficial sources Hackers managed to steal 430K customer data  including email and maybe also KYC information
Another source said they stole at least $10 million from the hacked account, but this one is rather difficult to believe.
Luckily I was late to check the email and not click on the link sent to my email.

Is this for real? I am reading this for the first time and I can’t believe my eyes that I’m reading this about Stake. What on earth might have happened so that they were able to manage a hack on Stake?
These scam bugs are everywhere. Last time one crazy article also stated that there is trend of making entire Mirror site so that user gets deceived with the fake site and deposit money over there.
Guys, this is the lesson for us. It’s about our money so always see and validate before you click. I hope Stake will be able to recover the money as well as stolen info.

Stay strong stake team!
legendary
Activity: 2688
Merit: 1262
-snip-
Everyone is also not forgetting.

In the last few months, the Stake system was updated so that every account needs to activate 2FA. So, this also helps in the case of the phishing site, since no one can withdraw without first activating 2FA.

Otherwise, the victim who get this can be more.
legendary
Activity: 2604
Merit: 2353
any estimation how many and how much funds were stolen with the last email hack thing ?

We will never get a real estimate before stake.com announced it and it looks like Stake.com will not do it for privacy reasons
Based on unofficial sources Hackers managed to steal 430K customer data  including email and maybe also KYC information
Another source said they stole at least $10 million from the hacked account, but this one is rather difficult to believe.
Luckily I was late to check the email and not click on the link sent to my email.
Where have you found those figures and information precisely? Could you share some links about that please because unfortunately Stake doesn't say a word about it, as expected... That's not professional at all for a crypto company, when there has been a similar hack at Bitmex or Ledger for example, they've been very transparent about it.



I've found that on this forum
It seems that even Drake's data would have been breached.


https://stakecommunity.com/topic/64397-phishing-e-mail-scam-november-2022/page/3/#comment-1357512


https://stakecommunity.com/topic/64397-phishing-e-mail-scam-november-2022/page/5/#comment-1357954
legendary
Activity: 2954
Merit: 1155
Leading Crypto Sports Betting & Casino Platform
any estimation how many and how much funds were stolen with the last email hack thing ?

We will never get a real estimate before stake.com announced it and it looks like Stake.com will not do it for privacy reasons
Based on unofficial sources Hackers managed to steal 430K customer data  including email and maybe also KYC information
Another source said they stole at least $10 million from the hacked account, but this one is rather difficult to believe.
Luckily I was late to check the email and not click on the link sent to my email.

It is the first thing I read about this email hack and for one time I am lucky that, for some reason, I don't receive any emails anymore from Stake. Changed my password just to be sure also but we always need to be extra careful when receiving mails (even if they look legit).

The problem is that the email is sent from the official email so many people assume that it is not phishing. The only reason we suspect the email is because the style and contents of the email are different from usual: there is no picture and there is no explanation related to the event; even if there is a bonus, it is usually sent to Telegram too.