If you took the phishing bait, you lack digital safety education.


crisulu

Featured Comment

Posted

The fact that hundreds, or even thousands, of users ended up losing their balance is disturbing and sad. But let's talk a bit of cold truth.

Stake's database didn't get hacked. Our most sensitive information is safe.

Sendgrid got hacked and they serve dozens of clients, Stake included. There is no proof that Sendgrid owns such things as ID pics or code, security number or sensitive content. They own, yes, mail addresses, phone numbers and basic personal information like social networks do. And this is bad because we risk receiving a lot of spam mail. But the breach is not as huge as many people go paranoid about.

And I mention that Sendgrid and similar companies get periodically hacked.

That's the sad reality of a criminal world.

But it's also up to us to protect ourselves. 

The mail was obviously shady. Even if from Stake. The structure of the text was different from what their employees write. The (heck-yeah!) was a second hint that something is wrong. Psychologically exciting the victim.

And two of the most important things that I'm quite impressed people didn't take into consideration:

1) They asked to log-in and shared a link. That's not professional, companies never, LITERALLY NEVER, ask users to log-in to their website while providing a link attached to a text. Also, you should always be logged in. And if you are, never open a new session just for an e-mail. When Stake does it, they just put the blue button and they don't directly incite people to open it.

2) Correlated to point one. Stake has many mirrors. But all of them end with a different domain. Nothing else. And more importantly, THEY ALWAYS SEND LINKS WITH THE ORIGINAL WWW.STAKE.COM slash website and never a mirror. It's up to us to adapt it to the mirror we use. I mean... come on guys, I kinda lose my patience thinking that so many people couldn't pay attention to such a thing, as basic as water.

 

I hope that the victims will learn their lesson and that this situation will educate others to generally stay safer in the digital world. In general, not just on Stake. Otherwise you'll fall again in this trap in the future.

 

Take care where you write your passwords and pay attention to the mails you receive.
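The link check from point 2 of the post above, as an added example that is not part of the original post: it parses every link in a mail and compares the host exactly against the official domain, which still works when the sender address itself is genuine. The allowlist is an assumption taken from the post's statement that real mails link to www.stake.com, and the sample message and its `.example` hosts are constructed.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption taken from the post: genuine mails only link to www.stake.com.
OFFICIAL_HOSTS = {"www.stake.com", "stake.com"}

class _Hrefs(HTMLParser):
    """Collect the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def suspicious_links(raw_email):
    """Return (href, host, reason) for each link not on an official host."""
    findings = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        parser = _Hrefs()
        parser.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href in parser.hrefs:
            url = urlsplit(href)
            # Compare the parsed host exactly; a substring test would accept
            # "www.stake.com" appearing as a subdomain label or as userinfo.
            host = (url.hostname or "").lower().rstrip(".")
            if url.scheme != "https":
                findings.append((href, host, "not https"))
            elif host not in OFFICIAL_HOSTS:
                findings.append((href, host, "not an official host"))
    return findings

# Constructed sample message (not the real phishing mail); .example is reserved.
SAMPLE = """From: Stake <noreply@stake.com>
Subject: Monthly bonus
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p><a href="https://www.stake.com/promotions">Promotions</a></p>
<p><a href="https://www.stake.com.bonus-claim.example/login">Log in</a></p>
<p><a href="https://www.stake.com@login.example/">Claim</a></p>
"""
```

Calling `suspicious_links(SAMPLE)` flags the second and third links and leaves the first alone.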

Posted

I agree that it was a blatant scam attempt BUT I wouldn’t point the blame towards the victims at all.

The email was sent from the real stake email that always sends out our monthly bonuses and other bonuses. Most importantly, stake’s Twitter is always teasing the monthly bonus and it’s getting close to that time of the month anyways so thousands of people are expecting a bonus email.
 

The real blame should go to stake and their lack of security, we trusted them with our personal information and they go ahead and get social engineered and give up their entire players email database to a random hacker. Stake is at fault for breaching our data, not the players. 

Posted
24 minutes ago, orbul said:

I agree that it was a blatant scam attempt BUT I wouldn’t point the blame towards the victims at all.

The email was sent from the real stake email that always sends out our monthly bonuses and other bonuses. Most importantly, stake’s Twitter is always teasing the monthly bonus and it’s getting close to that time of the month anyways so thousands of people are expecting a bonus email.

The real blame should go to stake and their lack of security, we trusted them with our personal information and they go ahead and get social engineered and give up their entire players email database to a random hacker. Stake is at fault for breaching our data, not the players. 

I completely agree, it's not completely the victim's fault. But in a dirty and sad world where those things happen it's quite naive to fall for such basic hints as I mentioned.

And no, it's not Stake's fault either. Stake, like many other companies, gambling sites included, uses a lot of 3rd party services to provide what we have. The security gap is Sendgrid's fault and there is nothing in common between Stake and Sendgrid besides being its client. I hope you guys understand for real this part.

The hacker has the main fault and is responsible for it. Sendgrid is in the line because they failed to provide the best security. But here it is to mention that whatever security someone provides, there will always be a hacker ready to learn to breach it.

And the victims are Stake and Stake clients that were naive to fall for it.

Posted
29 minutes ago, orbul said:

I agree that it was a blatant scam attempt BUT I wouldn’t point the blame towards the victims at all.

The email was sent from the real stake email that always sends out our monthly bonuses and other bonuses. Most importantly, stake’s Twitter is always teasing the monthly bonus and it’s getting close to that time of the month anyways so thousands of people are expecting a bonus email.
 

The real blame should go to stake and their lack of security, we trusted them with our personal information and they go ahead and get social engineered and give up their entire players email database to a random hacker. Stake is at fault for breaching our data, not the players. 

Not really,

The reaction from their side was fast & immediate. They did not hesitate to send players a heads-up over Tele.

The breach was through the Mail service provider & not in Stake's servers, so they can't take the full blame.

Many other sites, especially crypto trading platforms, got hacked earlier but did not act or inform their members until their balances were stolen.

So I cannot agree with you in putting the full blame on Stake since they were clear that the breach was through the Mail service provider & not into their own servers.

Whoever's fault it was, that's not the point. The point is that this happens with a lot of websites that have users' data, therefore the users themselves should be aware & more careful in opening links, which is not happening. Many players just click on any link they see that would give a small hint of money; that's why we are seeing many users (before this incident) complaining that either their emails or accounts got hacked and coming to the forum asking for help.

 

Posted
7 minutes ago, majali7891 said:

Not really,

The reaction from their side was fast & immediate. They did not hesitate to send players a heads-up over Tele.

The breach was through the Mail service provider & not in Stake's servers, so they can't take the full blame.

Many other sites, especially crypto trading platforms, got hacked earlier but did not act or inform their members until their balances were stolen.

So I cannot agree with you in putting the full blame on Stake since they were clear that the breach was through the Mail service provider & not into their own servers.

Whoever's fault it was, that's not the point. The point is that this happens with a lot of websites that have users' data, therefore the users themselves should be aware & more careful in opening links, which is not happening. Many players just click on any link they see that would give a small hint of money; that's why we are seeing many users (before this incident) complaining that either their emails or accounts got hacked and coming to the forum asking for help.

 

If it is indeed true that stake had NOTHING to do with their sendit account getting hacked into, then I would agree that stake shouldn’t take much of the blame. However, it just leaves a bitter taste in my mouth that all of our emails were breached and that it got to this point in the first place. 

Posted

I think stake handled this as good as they could. Even getting that header at the forum page was great. That's what got my attention. I have not received the email tho.

Posted
15 minutes ago, MarziasDaddy said:

Why don't you just shut the hell up already lmao stake isn't gonna pay you for defending them

I am not defending them. I want to point out that you people are naive enough to fall for such things in 2022. And if you understand it, you'll fall again. Even Microsoft suffered such a hack last year, besides thousands of other companies.

Posted
33 minutes ago, XeroF said:

I think stake handled this as good as they could. Even getting that header at the forum page was great. That's what got my attention. I have not received the email tho.

All they did was make some lousy announcement that was about phishing in general and not about the exact email. They didn't hold themselves accountable. No apology. No statement explaining what had happened or if our information is safe, even after 10 hours after the fact. How is that them handling the situation as best as they could? We're still itching our heads about how this could even happen to a multi billion online crypto casino.

Posted

@Faris this person is making false claims, please lock their thread. 

“Sendgrid got hacked”

That is a lie. Sendgrid did not get hacked. Stake's account on Sendgrid was breached via social engineering. If anything, you should be asking Stake why they fall for such things in 2022. They lack digital safety education.

“Our most sensitive information is safe.”

Uh, that is a lie, and sensitive information is relative. Some may consider their email alone to be sensitive. I know I do.

“They asked to log-in and shared a link. That's not professional”

Uh, not professional? What’s not professional is having an entire database breached of your customers as a multi billion dollar company.

@Faris I’ve pointed out someone making false claims, the same reason you locked my thread. I also provided proof that they are false claims. 

Posted

Nobody has mentioned the possibility that somebody within stake could be behind accounts being emptied.

Is there a pattern to which people receive phishing emails? I haven't had any, and nothing is in my spam, so what's the common denominator?

Also, they could be pissed off gamblers trying it on and not telling the truth, but a couple of people on the forum have mentioned having their account compromised and their 2FA reset. Could their phone be compromised; sure, but I think stake need to release a statement and tell us what they know. Most weeks for the past 6 months, somebody has made a post about having their account compromised and emptied - why and how? Does Blockchain analysis suggest it's the same people? Give us some details, stake.

Posted

You cannot expect everyone to be as educated as yourself. As it's everyone's responsibility to educate themselves about cybersecurity, it's Stake's responsibility to not put anyone in jeopardy by getting social engineered into something that could potentially harm their paying customers.

Sure, mistakes happen, but you address them accordingly. What they do has the vibe of "ah, don't worry about it bro"

Posted
1 hour ago, THIAGOSILVA said:

All they did was make some lousy announcement that was about phishing in general and not about the exact email. They didn't hold themselves accountable. No apology. No statement explaining what had happened or if our information is safe, even after 10 hours after the fact. How is that them handling the situation as best as they could? We're still itching our heads about how this could even happen to a multi billion online crypto casino.

I should have made it clear I meant to avoid more accounts clicking the link in the email. More transparency is always welcome when it comes to stake.

Posted
17 minutes ago, Kathyr555999 said:

I took the bait but it's my own f### fault so just take it all 

Sorry to hear that. Don't forget to change your Stake account password, that's if after clicking the link you entered the user & password.

1 hour ago, NancyWheeler said:

@Faris this person is making false claims, please lock their thread. 

“Sendgrid got hacked”

That is a lie. Sendgrid did not get hacked. Stake's account on Sendgrid was breached via social engineering. If anything, you should be asking Stake why they fall for such things in 2022. They lack digital safety education.

“Our most sensitive information is safe.”

Uh, that is a lie, and sensitive information is relative. Some may consider their email alone to be sensitive. I know I do.

“They asked to log-in and shared a link. That's not professional”

Uh, not professional? What’s not professional is having an entire database breached of your customers as a multi billion dollar company.

@Faris I’ve pointed out someone making false claims, the same reason you locked my thread. I also provided proof that they are false claims. 

Great,
It's my first time seeing someone who writes statements & answers them at the same time within the same paragraph 🤣

Posted

Guessing it's from sending our info to the Drake giveaway? That was my first thought, seeing that only some people got it and others didn't. But I have no idea. I got one, but I'm happy I thought it was sus and asked support first.

 

So do we know what really happened, was it Sendgrid that was hacked???

 

Posted
On 11/9/2022 at 6:25 PM, majali7891 said:

Sorry to hear that. Don't forget to change your Stake account password, that's if after clicking the link you entered the user & password.

Great,
It's my first time seeing someone who writes statements & answers them at the same time within the same paragraph 🤣

Sorry that far is person is full of shit but thank you for being so kind and talking to me thank you xxxxx

 

Archived

This topic is now archived and is closed to further replies.
