Zynga Poker Hack Exe Password |BEST|
Alma Serrell
i play daily on zynga poker using my ipad and today i was short in chips i usually play 200/400k tables i went to buy some chips but no chips appeared in the list else than 350k and 90k and i was looking to buy 10.000.000 chips why this problem happening thx
Media reports in September 2019 noted that the hacker then claimed to have accessed the data of more than 200 million players of Zynga games, including Words With Friends and Draw Something accounts. Recently, however, a website that allows users to check if their data has been compromised in a breach has reported that the breached data included 173 million unique email addresses, usernames, and hashed/salted passwords.
Yesterday evening I got a call from my mother. She is quite tech savvy and generally knows her way around spam and viruses. However, yesterday she was startled: she got an email from Facebook thanking her for her purchase of 40 dollars worth of poker chips in the Facebook game TexasHoldEm. She was ultimately sure she had never done a purchase like that, but she was worried she had lost money one way or another.
The email seemed genuine. Logo, text, sender, and links all pointed to genuine Facebook resources. I decided to take a look and followed the link to the 'receipt'. A payment overview at Facebook.com opened and everything was documented as the email had stated: her account had acquired 40 dollars worth of poker chips in the app (game) TexasHoldEm. Surprisingly, though, those chips were paid with a PayPal-account registered to an email address we have never heard of:
I then checked her account's recent activity, more specifically the 'recent sessions' tab. To my surprise there was indeed an active session in Düsseldorf, Germany. As a panic attack, I immediately ended that session. Unfortunately that also hid the information about that session. For me this meant only one thing: her account must have been hacked, as she hasn't been to Germany and there is no way there could be an active - poker-playing - Facebook instance there.
In light of this, I urged her to immediately change her password. After that, Facebook seems smart enough to know you made the change because you thought something was wrong: it proposed to go through her recent app activity and post and possibly deleting strange behaviour. Indeed, the app TexasHoldEm had been used, and there had been four posts (of the app on her behalf) that she had been playing the game - going back one whole week.
The poker chips were for Zynga's Poker game on Facebook. As has been mentioned in the comments, you cannot withdraw won money from this game. This is valuable - and intriguing - information which makes understanding the hacker's motives even harder.
This (collusion) is probably illegal in most poker games and thus real accounts are used to make detection hard. Also, that's probably not the attacker's real name, their mail address and/or PayPal account.
They load your FB with money (from a stolen credit card). Lose at poker so the money goes to another FB account. Withdraw that with an anonymous prepaid credit card. There are lots of different ways of doing carding (fraud).
The first answer that pops to my head is money laundering. The hacker would just transfer the cash to their facebook account via playing extremely bad. I think, the reason why the 3rd party account needed to be hacked is Germany's gambling legislation. As far as I know, Germany has strict gambling regulations. It's probably forbidden by law to play particularly at Zynga (having no licence), so they needed an account outside Germany to do that. And why would they need to choose exactly Zynga? They thought it would be unnoticeable, because noone actually uses Facebook for gambling. The other factor is that Zynga is the only poker game that has an own contract with PayPal. PayPal usually doesn't allow anyone to use their API for gambling websites - and they needed money exactly to PayPal, because an unverified account is not linked to identity, and they could easily process the money, either buy bitcoins and continue laundering, or just go shopping on various webshops.
So, someone bought a hacked FaceBook account, set up a custom fake PayPal account in the name of the hacked account, gave the hacked account poker chips, and posted ads about their game to FaceBook as that account.
1) On the face of it, the only entity which benefits from this is Zynga, which gets advertising, and if the victim uses the poker chips and gets hooked, possibly gets another player. It also loses nothing by buying chips from itself.
However, there are obviously cheaper, easier ways to achieve this goal, such as just giving random people poker chips in an email blast, or a banner ad. So, I really don't think it's reasonable to try to pin this one on Zynga.
On the first question, I have to agree with what others have well-said in their answers: there's a good chance it's somebody testing out PayPal accounts to see if they will work or not. Other than that, let me offer a total guess that perhaps someone simply wanted more chips to play with on Zigna poker on Facebook. That sounds like it's almost too absurd a possible motive to lead anybody to break what is almost certainly a plethora of anti-hacking and anti-financial-fraud laws in place across multiple countries. But, well, cyber criminals tend to be like traditional criminals: a few of them are reliably skillful, disciplined, and careful, but many more are often sloppy, impulsive, and overconfident (Of course, a devil's advocate might argue the same is true about a significant minority of security professionals. But that gets us off down a different track.) I find it totally plausible that this could be a case where a brash attacker like that simply came accross your mother's Facebook login credentials, someone else's PayPal account credentials, and decided they wanted some more chips in Zigna poker.
-- He/she finds a set of credentials that have already been exposed by the compromise and dump of another site's password database on the Darknet and tries the same set across many popular internet services. If the user reused the user id and password anywhere else... well, that's why the first rule of choosing a decent password is making it a unique password.
-- He/she got the password from a phishing scam, where the user thinks they are entering their login info into what looks like the actual Facebook login page but is really a very convincing copy at a slightly different URL.
-- He/she manages to get malware installed on a victim's PC that records the victim's password--and quite possibly every password the victim types in--and sends them back to the bad guy.
( On the issue of password database compromises, an attacker can either (a) have simply found a resource on the Darknet where account credentials are sometimes publically released for all the world to see-- and to have stumbled upon some of those known compromised accounts that still happened to work, or (b) more likely the attacker came across the info for those accounts in lists of credentials that he'd or she'd already purchased access to for other, more nefarious purposes. As I intimated above, doing either of those things would be poor op sec/tradecraft on an attacker's part, in my opinion. But a great many hackers make such errors frequently without ever being held to account for them.)
Now, if your mom's password got grabbed by either of those first two methods she would be wise to read some pointers on the selection & management of strong, unique passwords, bone up a little on the basics of what phishing is, and enable two-factor authentication for all the accounts she can. Your basic user security knowledge touch-up that +95 percent of general computer users can benefit from.
And since you don't know how the attacker got your mom's password, the prudent, "responsible" thing to do is, of course, to assume that one of her computers (at least one) is infected with malware and act based on that assumption. And since your mom, though at least a little tech savvy, still probably doesn't have enough of a tech comfort level to feel okay about nuking her OS installs from orbit, you, OP, could well find yourself playing a long-distance tech support role.
My mom and I play a lot of Words With Friends. We've been knocking words back and forth across state lines for years now thanks to Zynga, the gaming behemoth behind WWF and a host of other addictive games such as Farmville, Zynga Poker, and Zombie Smash. In August, when Zynga changed its privacy policy, I actually read it. It was explicit about the information Zynga might collect; it ranged from the player's profile photo and email address to the websites they've visited and "the amount of time spent on particular pages." At the end of the policy, it said that any player who wanted to see what Zynga knew about them could request their file by emailing zy...@privacy.com. Companies in Europe are required by law to do this; it's how Austrian law student Max Schrems got Facebook to send him the 880-page dossier the company had on him. But it's a special treat for Americans. I wondered what would be in our Zynga dossiers, so my mom and I both requested our files. There was at least one big kink along the way: the first file Zynga sent to my mom was the email inbox of a Zynga contractor.
To kick off the self-doxxing, we had to email Zynga from the email addresses associated with our accounts, send along our Facebook id numbers, and mail checks for 6.34 Euro (or $8.70 USD at the time sent) to Zynga headquarters in San Francisco. About a week after my mom's check got there, she got an email from a "Zynga Player Advocate" named Lillian saying a password-protected file was attached, and that she would need to provide a phone number to get the password. Except the file attached to the email was not password protected; instead, it was an htm file that captured Lillian's inbox showing that she was an employee of the contractor -- Telus International -- that Zynga uses for customer support inquiries. Her inbox was full of other people's queries about other games. Some guy wanted a $100 reimbursement from Zynga Poker, and a Zynga employee recommended he get it given his "$1K lifetime spend." People complained about getting banned from games, a missing baby from the "Family Farm" in Farmville, and their Pioneer Trail account getting hacked. An "important notice about Chefville" was sent out with a message that it "NOT be shared with players." (Is Chefville getting the knife?)
dd2b598166