I had the same happen to me some months ago. I logged on to find the balance on £0.00 (not a new experience!) and looking at the history, I saw somebody had placed an in-play bet on a USA soccer match and lost.

I contacted Betfair expecting to have real problems getting them to believe me, but after a while they did investigate and saw the account had been logged into from overseas. They accepted that this was nothing to do with me and (to my surprise) they agreed to refund the lost balance (around £150 from memory) - but they insisted on opening a new account for me and closing the one I'd had since 2002. I even lost my long-standing Betfair forum username. As for the AGT, I had to pay something to have my lifetime subscription moved to the new account.

I also like to think I'm pretty security savy and never was able to pin down for sure what had lead to the hack. The only thing I did wonder about was that a few years ago, along with many others, the details of my Paddy Power account was harvested by hackers. (a check of website https://haveibeenpwned.com confirmed my email address was on the list) I think the email address on the Betfair account that was hacked was the same as the Paddy Power one - and quite possibly, the password could have been the same.

hi yes ive checked ipawned my email isnt on there but my paddy power one is but not used paddy for years and that email i dont use its baffled me how they have done it but everything sorted now, the thing is though if betfair isnt licenced in canada or china how did they allow a log in , i got 2 step now betfair the only account i never had it on sod law isnt it everything as changed now on betfair email etc , im also using a safe browser through my security it all helps , im on a 3 monthly scrip from the geek but its £15 a quarter so will just sign up for a new one at £20 a quarter in the meantime will have a trial on a other 3rd party api see how that goes

I might be wrong, but I thought I read somewhere that you couldn't use 2-step authentication with the Geeks Toy. I know I refused that with Betfair at the time they were sort my account hack out, giving that as the reason. Maybe someone else will tell me if that is correct, or I'm talking rubbish.

Last we knew 2 step works fine on GT. You just need to suffix your password with the Google code at login.

GT like all vendor products is fully security tested & certified by Betfair, and I can tell you by the fact that all we do is securely transmit the login data from the app directly to Betfair, coupled with the number of account change requests of this nature we have had in recent times, this breach isn't coming from us.

What I will say about this though, is Betfair is one of the most slipperiest, arrogant, customer indifferent companies I have had the pleasure of dealing with on both a customer & vendor level. If they are compensating you for these losses so easily, it would suggest there is / has been some liability issue their side that they are not publicly coughing to. { Like the data breach a few years back that didn't get made public for 18 months.}

Ditto in 2013 when we uncovered a number of serious security breaches { including user names & passwords being badly compromised } in a new API product over a period of months. Betfair's primary focus then, rather than immediately warning the users of that product that their data had been compromised & to change their passwords, was expending significant effort keeping it all as quiet as possible.

Dear Mr Geek,

Thank you for putting me right about the 2-step login. Having now done a bit of searching on Google, I can see that it has worked since 2013ish. There were a few comments around, both on here and Betfair forum saying it didn't and I guess that was what stuck in my feeble little brain.

When my account was emptied out last November, I was sure they were going to tell me it had to be me who lost the bet, so I was pleasantly surprised when they agreed to look into it and found that my account had been logged into from a Russian IP address and that it was highly unlikely to be me, as I'd only logged out in Hertfordshire, England about an hour earlier. Surely, if they had any worthwhile security, it should have flagged up as being dodgy from the moment a Russian IP address was involved!

Just to say that your comment about Betfair - "Betfair is one of the most slipperiest, arrogant, customer indifferent companies I have had the pleasure of dealing with on both a customer & vendor level " is oh so true!! Their customer service moto is 'the customer is always wrong, never Betfair!'

The fact that Betfair and Paddy Power got into bed together is hardly going to help security in my experience. The only other bookmaker I had this type of problem with was Paddy Power. Think it was about 3 years ago when I logged on to PP to find I had a zero balance. It turned out somebody had got into my account (no doubt from the information stolen when they were hacked previously) and had just added a Moneybookers account to my Paddy account and used it to withdraw the whole balance straight away. I had only ever used my bank card to deposit/withdraw, so some alarm bells surely should have rung in Paddy towers! They did refund me - but I've never had a bet with them since.

hi geek
and thanks for clearing that up they refunded me straight away after all i logged in from uk 1 hour after someone tryed from canada and failed but 1 minute later from china they got in , i asked betfair how someone was allowed to log in from a country where betfair isnt allowed just got the usual 3rd party crap , 2step does work geeks toy as before geeks loads up you have to sign in the portal with 2step before ,and while we are on the subject i have changed all my log in details but my username is still the same i wish to change this will it be possible for you to change my geeks to accommodate the name change? thanks