Sunday, July 27th, 2008
Issue: 84   Editor: NYX2000


Resetting Anothers Password ViennaBeef

As a very forgetful person myself, I am quite glad that Bootleggers has the option to reset our passwords should we forget them. Simply enter in the email address that you used to register for Bootleggers with and a new password will be sent to that email address. However this useful option also has the potential to be severely abused as a part of a nasty scheme should someone else know the email address that you registered for Bootleggers with.

The scheme in question affects casino owners primarily, especially those who put up a high max bet. It works by one person constantly requesting the password reset email for a casino holders account while others bet on it. As soon as that email is sent your account becomes logged off, and by having the email constantly sent it effectively prevents someone from logging back in to the game.

I talked to iLionWar who had to deal with this while holding a Roulette table on a previous account and here's his description of what took place. "I made the max of the table 25mil, and cash in hand was 45mil…and suddenly the game logged me out, so I tried to log in again… it didn't work. I started to receive emails for my new password… it seems someone knew my email. So there was no chance to log in because the emails didn't stop. I received over 600 emails in about an hour and a half." A friend of his was eventually able to get a hold of a Moderator who helped him change his email and after about 2 hours of being locked out iLionWar was able to log back in. Luckily for iLionWar the table favored the dealer during that time period and he made a profit and kept his table while he was locked out.

So what can be done to prevent this happening to you should you ever find yourself holding onto a casino? First off keep your registration email private! If no one else knows the email that you used to register for Bootleggers with they can't mess with your account. Other than keeping your personal information private, there isn’t much else you can do. Perhaps the Administrators should edit the password reset feature so that passwords can only be reset a limited number of times per day, but by simply not letting your email be public you will avoid this hassle altogether.