BetFair Hacking 02/11

[TheJoker]

Righto, short history.
07/02/2011 - My BF account was hacked and two bets placed totalling 1800 pounds placed and lost. Account suspended an hour or two after for 'suspicious activity'

Numerous answer phone messages to me over the next few days asking to ring BF.

Was my birthday during that week so I took a week off starting the 6/02/2011, didn't get around to ringing them until 11/02/2011.

BF position is that someone although from a alien IP address (London I believe) used correct details to log into my account and place the bets. Report to police if you like but as far as we are concerned case is closed on their end.

I have been wicked busy for the last 7 months or so and couldn't deal with the perceived stress with taking BF on. Unfortunanly for BF I am no were as busy and well a truly pissed off.

So this thread is going to keep track of what is going on, feel free to move to whatever forum is appropriate.

First stage, draft a email and will most likely send by snail mail too.
It out lays my position that is roughly as following.

1) It wasn't mean who placed the bets, the CS advisor did accept this as so (pinch of salt to its value)

2) They are aware of a security breach in this manner, not only did the CS say 'this has happened a few times recently', but it can be seen and I think the earliest report is mid 2010 of the exact same of hacking.

3) As they are aware of the security breach for 9 month previous, by failing to notify customers of the risk and appearing to make no or the least inadequate steps to rectify the security issue.

4) By blocking my account for susppcious activity, they have indirectly acknowledge a duty of care of customers funds, and this duty with point 3 raise the question of being negligent for reacting too slow.

s.13 - Supply of Goods and Services Act 1982 - “In a contract for the supply of a service where the supplier is acting in the course of a business, there is an implied term that the supplier will carry out the service with reasonable care and skill.”

5) They will hide behind their coverass term and condition that states its all the customers liability, in which there is the possibility that this term is not expressed clearly enough and more important prominently enough.


Have I missed any angles? I will send of the email tomorrow and snail mail Monday morning. I think I will allow a response before hitting them with a LBA.

[Fender]

Your assumtion here is that it was Betfair that was hacked, and that is how your details were stolen, Its more likely imo that it was your pc that was hacked. The user name is easy to get, however all passwords stored at Betfair would be encrypted, and difficult, although by no means impossible to break, on your pc your password would be plain text, and easy for a keylogger to grab, along with your user name.

And of course you pc would be far easier to get into than Betfair.

Unless Betfair admit the breach was at their end, I dont think there is a lot you can do, in terms of legal action. Although of course you can kick up a fuss, and generate them lots of bad publicity, to the point where they refund your losses just to shut you up lol.

[TheJoker]

Your assumtion here is that it was Betfair that was hacked, and that is how your details were stolen, Its more likely imo that it was your pc that was hacked. The user name is easy to get, however all passwords stored at Betfair would be encrypted, and difficult, although by no means impossible to break, on your pc your password would be plain text, and easy for a keylogger to grab, along with your user name.

And of course you pc would be far easier to get into than Betfair.

Unless Betfair admit the breach was at their end, I dont think there is a lot you can do, in terms of legal action. Although of course you can kick up a fuss, and generate them lots of bad publicity, to the point where they refund your losses just to shut you up lol.

This is true, my laptop did run a virus scan on the 6/2/2011 and my laptop wasn't used since till after the incident and that came up clean. It is always going to be BetFairs stance that I am in the wrong and they know that it is impossible for the customer to prove that their is no way their details became compromise by them.

However this will ultimately be small claims action, it uses the balance of probability, all I have to do is show sufficient negligence/liability of behalf of BF, which IMO foreknowledge of this exact problem and taking inadequate steps to tackle the problem would do. Judges do tend to have a weighting towards the consumer as it is.

It is only going to cost about 65 quid, EV+...

[Hippyer]

It is only going to cost about 65 quid, EV+...

Good luck!

[lorrainewade]

have you considered the possibility that these leaks have a connection to betfair themselves? imagine how hard they would work to stop that getting out. (were it true). (which there is no reason at all to think it is of course).