Following a very obnoxious response to a concerned customer, I thought I’d take a look at just what’s needed to log in to a Betfair account. Turns out you can simply reset the password with an email address and a birth date and that’s it – you’re in!
This video is part of a blog post at
Can I get your WhatsApp no. for further discussion?
Haha. This is one dumb website indeed. I just tried to create an account and reset it (3 years after Troy's video) and even though now they don't make it too simple, like Troy had shown …. guess what, they now make it virtually impossible to reset your password. They do the normal we'll-send-reset-link-to-your-email thing, but then ALSO require your DOB and father's name; and if you don't remember what you provided there you're out of luck resetting your password. Haha. What a bunch of dunces!
PS. Oh, and did I mention they also block pasting into password fields. "Stupid" can't be just one thing, right 🙂
Bunch of fucking shithead dumbasses — hilarious
This is why doing Cyber Security as your profession has the most stability and money opportunity in IT.
The problem isn't the developers (well not the whole problem). The root cause is the fact that corporations aren't being good citizens. It costs money and resources to do things right, and even when they are informed, they try to cheap out and deflect. I don't see this problem being fixed for a LONG time.
My laptop has broken. I'm trying to access Betfair on my PlayStation 4, I need help, it's not loading the page correctly, please help.
I just tried this and can't reproduce it, they've fixed it. An email is now sent when resetting the password, so email access is needed to reset it.
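The reset described in the video (email address plus birth date) next to the emailed-link reset this comment reports, as an added example that is not from the video, the commenters or Betfair. All function names, the in-memory stores, the 15-minute lifetime and the sample account are assumptions made for the illustration.

```python
import hashlib, secrets, time

TOKEN_TTL = 15 * 60   # seconds a reset link stays valid (assumed value)
RESET_TOKENS = {}     # sha256(token) -> (email, expiry); the raw token is never stored
OUTBOX = []           # stand-in for the mail system: (email, token)
USERS = {"alice@example.com": {"dob": "1980-01-31"}}  # constructed sample account

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def set_password(email, password):
    salt = secrets.token_bytes(16)
    USERS[email].update(salt=salt, pw_hash=hash_pw(password, salt))

def check_password(email, password):
    user = USERS[email]
    return secrets.compare_digest(user["pw_hash"], hash_pw(password, user["salt"]))

def weak_reset(email, dob, new_password):
    """Knowledge-based reset: email and birth date alone change the password."""
    user = USERS.get(email)
    if user and user["dob"] == dob:
        set_password(email, new_password)
        return True
    return False

def request_reset(email, now=None):
    """Same reply for known and unknown addresses; the token goes only to the mailbox."""
    now = time.time() if now is None else now
    if email in USERS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[digest] = (email, now + TOKEN_TTL)
        OUTBOX.append((email, token))
    return "If that address is registered, a reset link has been sent."

def complete_reset(token, new_password, now=None):
    """Accept only an unexpired token, and only once."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    email, expiry = RESET_TOKENS.pop(digest, (None, 0))  # pop makes the token single use
    if email is None or now > expiry:
        return False
    set_password(email, new_password)
    return True

set_password("alice@example.com", "original-password")
```

In `weak_reset` the only "secrets" are two facts about the account holder; in the token flow the password changes only for someone who can read the account's mailbox within the token lifetime.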
Does anyone check their email anyway? Just kinda curious…
Norton Secured? Oh boy sounds secure as hell!
They have changed it. Or at least here in England it's changed.
They must have hired some SQL pro who was like, I'll test it!
A week of SQL injection later. The SQL pro said "Yep, it's secure, the NSA will be asking for a back door now".
Fail to check anything else.
ESPN is also a bit of a joke as well.
it's simple:
step 1: steal an account
step 2: gamble all the funds
step 3: PROFIT!
Troy, a question… could you not reverse hack a scammer's PC or put a virus on? I don't do the security part.. cheers.
I was the 10,000th subscriber!
Lesson here: don't use your email as a username / Betfair shouldn't allow email addresses as Usernames.
I implemented a function like this, from scratch for a site.
Since it was my first time, and it was an obvious security-sensitive function, I did lots of research and testing first.
It became clear that there were plenty of ways to implement it, some safe, some… less safe.
This stupid implementation wasn't even on the map.
So… what's the "Forgotten your username" for? I can't be bothered creating an account to find out, but you have to enter your email to get the email containing your email?!
I'm assuming you could lose thousands of dollars on purpose at the expense of someone else by doing this.
I love how, on their sign-up page, they claim that their site is "Norton Secured"….. well, unfortunately Norton can't protect you against crappy website design.
I am speechless that even in 2015 there are companies who consider this kind of "security" acceptable. And on top of that their terms require you to keep your email account secret. Atrocious… just atrocious.