If you have money in a Skrill acount I suggest you withdraw and unlink your bank account. They seem to have had a breach they are not reporting and just allowing peoples accounts to be clean out. Only after do they tell you to change your email address and restrict the account by IP.
I had my account hacked on January 23rd quite a lot of money went missing. Im not going into detail at the moment. I dont have time. I think skrill has had some serous security breach.
While nothing has been said to me about this I have found this:
http://www.gamesandcasino.com/gambling- ... 50-000.htm
http://www.gambling911.com/online-casin ... 22216.html
from the article:
2 days alter after my account was hacked they released the 2 factory authentication and then this week they disabled my mass payments and said I need to IP restrict my account. Apparently they are emailing customers telling them to do this.“*Since I'm VIP member and being victim of fraud I thought I was covered 100%, but I was told you won't qualify for (a) 100% money back guarantee. I asked: ‘ Why?’ She said: ‘Because you don't have a token’, which btw no one from Skrill ever told me about the device or emailed me.*”
IP restriction may block some types of hacking attempts but its not going to stop some one who has found a Trojan infected PC, that has remote PC and key logging abilities!
Their response has been dismal with them even putting the phone down on me after I called on an international rate number and was on put hold for 10 minutes. I was asked if I had a personal account or business account. when I said business Skrill told me to call back later without even asking what my issue was. WTF!
No one contacted me after a month. Only after I send a email to every skrill email I have did i get a response telling me the remaining amount could not be recovered.
Also the call center staff trying to tell me its my fault and i should have applied for the RSA token. Nobody at skrill contacted me to tell me to get one nor do they advertise this on their site!, the only place its mentioned is in the VIP section. I don't qualify to be a VIP because I don't gamble! Does it not sound logical that they should be contacting their customers who have large sums of cash in their payment accounts to get a RSA token? My bank wont even allow me to transfer money without a RSA token.
Their big security plan:
email, password, date of birth
One of the their staff was arguing with me that date of birth is a secure security question and that no one knows their birthday online.
I received 735 txt messages to my phone to block me getting a txt message about the transfer so these people are smart enough to find my phone number and I'm sure they can find my bloody date of birth!
You are "call center staff" not cyber security experts or lawyers!!!!! stop dreaming! you don't have the educational background to be a security expert. and your lawyer ability is what skrill tells you.
I'm waiting on a "full incident report" from them. Lets guess what they say!
a. Skrill are to blame because of poor security practices and will cover any loss.
b. The victim is to blame.
There are some really some horror stories out there is you type in skrill hacked.
https://www.google.com.hk/search?q=skri ... 7&bih=1109
If you have a Skrill account hacked story you can report it here:
http://www.skrillvictims.com
Why did it take 5 years when 7.8 millions users records where compromised in 2010 to announce it?
Skrill current system of using email, password, date of birth is not enough to protect your earnings. Hackers might get this information from hacked sites, sites with poor security. key loggers, brute force, trying passwords like kids name + year born, etc...
Skrill has a new 2 factor authentication service. I recommend any one using their service to apply for this feature to be added to their account.
http://help.skrill.com/en/Article/secur ... ation-2fa/
you can email them and request this feature be added to your account here:
merchantservices@skrill.com
Tell them OpenCart recommended this.