Security measures for BurstCasino.com

in burst •  8 years ago  (edited)

Hello everyone,

Today we started our first post for our site BurstCasino.com; we will release details about our future updates and more here, we advice for our members to follow our Steemit account to stay up to date.

Recently, we started having some hack attempts to our members account. As you may be aware, Burst got a big hit about a week ago, when a member found out that someone was using the SurfBar (that offered free burst to run it) for bad intentions, one of the sites shown with the SurfBar was using a keylogger to hack wallet passphrases, others emails and password, and more.

That same person got access to the email and password of some of your members (at least two that we know of), and our players without the 2FA are at risk. If you are one of those that were running the SurfBar, I recommend you to visit https://forums.burst-team.us/topic/3833/the-surfbar for more details on what was going on with it and how to find if the hacker installed the keylogger for you.

Because of all of this, we decided to make additional security changes to https://burstcasino.com.

1. We removed the request password feature; looking at the hacker recordings we were able to find that one time he didn't have the password for the casino, but was able to get access to the member email, he requested a password change and got access to his account. If you need to change your password in the future, you are required to contact us directly at support [at] burstcasino.com.

2. Removed disposable emails; Members with a disposable email aren't allowed on our site and are against the rules, we removed the possibility to create an account with all the major temporary email services (more than 1.1k providers).

3. One withdrawal address; Before, a member was able to withdraw his balance to any burst address they wanted, this allowed to some members to be able to send Burstcoin they owed to another account, or if the member had multiple wallets, they could send to one or another. This feature has been removed, and instead, the member is required to enter a withdrawal address the first time (or if not already set for current users) they want to withdraw, and after that, every withdrawal request will send to that same address, without the possibility to change to a new one.

4. Changes in the tip system; The second technique the hacker used was to take burst from one of the hacked accounts and sent it to a newly created account as a tip, then withdrew from there. After looking at our members, we found out that others where doing this to bypass the 10 minutes limit between transactions. Now members are required to have at least level 5 to receive rain or tips.

Those are the changes for today and more are coming soon. Remember that it's always a good idea to enable 2FA in the site and store burst into the vault to protect them at all times).

Good luck everyone and happy gambling!

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

I don't know how possible this will be, but to help increase security to the members, I'd make it mandatory to either have a code sent to their cell phone or activate 2FA and enter a code for signing in.

  ·  8 years ago (edited)

This is our next step for the security, we want to be able to add 2FA during login too, instead of just using it for the vault.

  ·  8 years ago (edited)

I want the 2FA for my login too!!

I am still in level 3 , so long way to go to receive rain,

Level 3 is quite good! Good luck :)

I got to level 6 today, these are great changes! Thank you for all the work you do to protect the members at your casino. Keep up the good work.

Congratulations on becoming level 6! And you are most welcome.

Im a member of the casino Level 5. I was recently banned without notice that I could see. I enjoy the site and frequented quite often I list everything I deposited but thats life. I would really like to continue playing if that is possible. If I infractured a rule please let me know.