Several high-profile poker players had their mobile and online accounts hacked over the past several days. The list of poker pros who claim hackers took over their Twitter accounts or cellphones include Dan Smith, Vanessa Selbst, Cate Hall, and former poker luminary Vanessa Rousso.
Doug Polk of the live poker analysis show, Poker Hands, gave a warning in a tweet and a YouTube video on the poker hacks, stating the source of the problem. Polk said, “Anything you back up with text message is vulnerable.”
That should be a warning to professional card players and amateur gamblers alike. Most Internet accounts these days allow for a special text message to verify one’s account. Given the convenience of using a smartphone for Internet access these days, many if not most players likely use texts as a form of verification.
Dan Smith Jokes about His Cyber-Attack
Despite the seriousness of identity theft, the poker pros who have discussed the hack at all have played off the incident. Dan Smith tweeted, “Some accounts got hacked last night, don’t western union money please. Idiot hackers should have tried this before scoop/Monaco :).”
In Dan Smith’s case, the damage must have been limited. As you will see with the case of Vanessa Selbst below, the hack was prolonged and troublesome. Before I discuss her situation, let’s look at how hackers gain access to a person’s mobile phone information.
How Hackers Struck Poker Players
To gain access to your smartphone, the hackers have been going through the players’ phone provider, which is easier than one might assume. To do this, the hackers call phone carriers, claiming they have lost their phone, and asking for a new sim card under that account. Even though the person does not have your PIN number, carriers often give out the new sim card, which is the key to the kingdom.
Once they have access to the phone, the hackers get into anything that is verified with text. This means Gmail accounts are vulnerable, but Bitcoin cash is not available to the hackers. To get into your accounts, the hackers will have to get your password. They might use Gmail, Dropbox, or other services which use SMS verification.
Vanessa Selbst Hacked Twice
Vanessa Selbst (pictured right) got hacked twice. She called her mobile phone carrier and changed her PIN number. Then she told the carrier not to give our her PIN number or change it under any circumstances. Despite that precaution, the hackers once again gained access to Selbst’s phone, because the carrier’s employees did not follow the instructions.
Tips to Avoid a Mobile Phone Hack
In his YouTube video on the matter, Doug Polk also provided a blog post with tips for avoiding a mobile hack. Those who do not have time to watch the video should follow these instructions below.
Call your carrier and set up a PIN. Tell the provider not to give out information unless the person has the PIN number, and also is live and has a photo ID. Use two-factor authentification. That might sound paranoid and clunky, but it is much harder to hack someone’s account when it requires a 2-step verification process.
Using Google Authenicator
Once this is done, do not use SMS texting for verification unless it is the only option available (hopefully the second of two options). Do not use the Authy app, because it links back to your phone verification. If a hacker has access to your phone’s information, then Authy provides access to a trove of your information. Instead, use the Google Authenticator, which is available in the Google Play apps store.
If you lose your phone, then your codes are gone. This can be annoying, if you lose your phone. Google Authenticator does provide authenticator seeds, which you can write down and keep in case you lose your phone. Finally, do not use the same password on the many sites, forums, and communities you register an account on. This is especially true with the accounts which allow payments of real money. If you make deposits and withdrawals on a site, use a unique password.
Trezor: Advanced Cryptocurrency Security
The worst thing a hacker can do to an online poker player is to steal their cryptocurrency codes. To avoid this danger, use a device that allows you to keep your cryptocurrency in a cold wallet. Trezor is the device Doug Polk suggests. It looks a bit like a USB device, which plugs into a computer or laptop and allows access to one’s cryptocurrency. Without the PIN number for the Trezor, it is useless to anyone who stole it.
For one final layer of security, Doug Polk suggests people write down their recovery seed for Trezor, which allows someone to retrieve their cryptocurrency, if the Trezor is lost. Write down the verification code, rip it in half, and store the number in two different places. One, keep the Trezor code in a home safe. Two, store the other half in a safety deposit box.
Hopefully, that should set you up for an online poker career free of cyber-attacks. If you are willing to go to those lengths to protect yourself and your personal information, that should keep an online or mobile poker player secure from hackers.