Cross-site Scripting (XSS) Attack


Post by APerfect10 » Mon Aug 26, 2019 5:09 pm

On August 8th, we were contacted by a potential customer and by Malwarebytes stating that the PokerTracker.com website had been infected by a cross-site scripting (XSS) attack. Within an hour of receiving the email from Malwarebytes, we had determined that an old Drupal module which is no longer maintained contained a security vulnerability which allowed an attacker to inject an XSS attack into the footer of the PokerTracker.com website. We immediately disabled the module and the rogue script was no longer being injected.

Within 24 hours of the email from Malwarebytes, we took several further security steps which included patching the Drupal module that was vulnerable and tightening up our Content Security Policy to only allow whitelisted scripts to be executed so that the same type of XSS attack would no longer be possible.

In the days since the attack, we have been conducting a post mortem to determine the scope and severity of the attack so that we could contact those customers potentially affected. Here is what we have learned thus far:


  1. This was a highly customized and targeted attack of PokerTracker.com and its customers. The script was being loaded from ajaxclick.[com] which has not previously been seen in the wild.
  2. It appears that the attack took place between December 23, 2018 and January 2, 2019.
  3. We believe that the attackers were attempting to intercept credit card information while it was being sent from the user’s browser to the credit card processor. We do not have any information to confirm or deny whether the hackers were able to successfully intercept credit card and/or billing data.
  4. PokerTracker does not save or store any credit card or billing information on our servers. Only those customers who attempted to purchase via credit card while the rogue script was on the site are affected. We estimate that the number of affected customers is in the low thousands and we are in the process of notifying them.
  5. The PokerTracker 4 application and your data within PokerTracker 4 have never been compromised. PokerTracker 4 does load an internal browser for the community page which would have loaded the rogue script but it is not technically possible for the script to gain access to view your data within the PokerTracker application.
  6. We have no reason to believe that your PokerTracker.com username or password were intercepted; however, to be abundantly cautious we recommend changing your password.

If you entered your credit card information on the PokerTracker.com website between the dates of December 23, 2018 and August 8, 2019 we will be contacting you to urge you to closely monitor your credit card activity for any fraudulent purchases. If you notice a fraudulent charge, please immediately contact the telephone number on the back of your credit card to notify them of the fraudulent activity.

We regret that this incident has occurred and sincerely apologize that it has taken us three weeks to properly assess the scope and severity of the damage to notify potentially affected customers. This is the first time that we have had a major security incident and we have learned a lot during this process that we can improve upon.

Best regards,

Derek Charles
APerfect10
Site Admin
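
The Content Security Policy change described in the post above, as an added example that is not part of the original post or PokerTracker's own code: a simplified JavaScript check of whether a script URL passes a policy's script-src allowlist. The policies and hosts (shop.example, payments.example, injected.example) are constructed for illustration, and nonces, hashes, ports and paths are not modelled.

```javascript
// Simplified CSP check: would <script src=scriptUrl> be allowed on a page at
// pageOrigin under `policy`? Covers 'self', 'none', scheme sources and host
// sources with "*." wildcards only. All sample values below are constructed.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Only the first occurrence of a directive is honoured.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  // "*.example.com" matches subdomains but not the bare domain.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function scriptAllowed(policy, pageOrigin, scriptUrl) {
  const directives = parsePolicy(policy);
  // script-src falls back to default-src; neither present means unrestricted.
  const sources = directives.get('script-src') ?? directives.get('default-src');
  if (sources === undefined) return true;
  const page = new URL(pageOrigin);
  const url = new URL(scriptUrl, pageOrigin);
  return sources.some((raw) => {
    const src = raw.toLowerCase();
    if (src === "'self'") return url.origin === page.origin;
    if (src.startsWith("'")) return false; // 'none', nonces, hashes: not modelled
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src;
    const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
    if (!m) return false;
    // Simplification: a schemeless host source must use the page's scheme.
    const wanted = m[1] ? m[1] + ':' : page.protocol;
    return url.protocol === wanted && hostMatches(m[2], url.hostname);
  });
}

// Weak: "https:" lets any HTTPS host serve script, so an injected tag still runs.
const LOOSE = "default-src 'self'; script-src 'self' https:";
// Tightened: only the site itself and one named payment host may serve script.
const STRICT = "default-src 'self'; script-src 'self' https://*.payments.example";
```

Under `STRICT`, a script tag injected into the page footer that points at an unlisted host is refused by the browser even though the injection itself succeeded, which is why the allowlist complements patching the vulnerable module rather than replacing it.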