To see less ads Register or Login ----- Daily Fantasy Sports Games 18+.

Hanging up the boots

A Fantasy Football forum for news on fantasy football games run by the Premierleague (FPL).
Post Reply
wizardoffire
Dumbledore
Posts: 5129
Joined: 09 Apr 2013, 20:47
FS Record: 2013/2014 FISO Hotshots league

Hanging up the boots

Post by wizardoffire »

I think Im done.
Long story short, my account was hacked in the last week along with many other people.

Yes, Ive been a bit inactive the last month. Missed a lot of deadlines due to studying for professional exams and COVID cancellations has kinda ruined my season. Still salvageable with all the games to be made up. As of game week 22, I was still in the top 50k and a nice overall team value of 104.4 mill and 1404 points.

Fast forward a game week 990 transfers made at a cost of 3952 points leaves me on a whopping -2527 points and a position of 8.9 mill!!! My overall team value has lost 2.3 million in value and my bench boost was also activated.

Based on what Ive read on twitter, FPL towers don't seem to be doing anything. Next season they plan to introduce two factor security, game needs it now! My password was complex and I dont use third party apps for FPL, never have, never will.

Ill keep this updated, if I hear anything from FPL but Im not expecting anything to be fixed in terms of my team being reinstated. Im sorry to the side leagues that Im in that have been essentially ruined
Last edited by wizardoffire on 26 Jan 2022, 23:55, edited 1 time in total.

User avatar
TheRumourMill
Grumpy Old Man
Posts: 1353
Joined: 03 Dec 2017, 23:15
FS Record: FPL: Similar to Everton - haven't cracked the top 10k glass ceiling yet, neither have I had and sub 500k shockers either!
International tournaments: Better, 11k in WC 2018 and top 1000 way back at Euro 2012!

Re: Hanging up the boots

Post by TheRumourMill »

Thats absolutely dreadful, sorry to hear that. Agree that 2fa was needed earlier, they got a warning when a load of hackings occurred in October (including of this very site!), and nothing was done. That was linked to Hub's rubbish security though so its alarming to hear you have been affected despite using no third party apps. They seem to be using scripts to do it which is beyond my level of computer understanding but it seems to be successful at disrupting large numbers of people unfortunately. Apologies again.

User avatar
RomynPG
Dumbledore
Posts: 9066
Joined: 13 Oct 2005, 18:32
FS Record: FPL 134 overall 06/07 ... never close since

Re: Hanging up the boots

Post by RomynPG »

Well that's a real bummer - so sorry that that has happened to you :(

Like TRM I'd also be interested in how this hacker is doing what they're doing - get a common denominator if it isn't 3rd party apps. Do you mind people asking questions or are you, understandably, too fed up to go into it any more?

User avatar
wahine
Grumpy Cat
Posts: 2710
Joined: 01 Jul 2009, 07:58
FS Record: ♀️ The more man meditates
upon good thoughts, the
better will be his world
and the world at large. C.

Re: Hanging up the boots

Post by wahine »

aw 🤬🤬no matter where your rank is at a particular time, a Bruno Captain one week can turn it all around.

Hope they can do something for you?

The glass is always full, would you like to play the last season league in Fiso Draft divisionals, I will give you a shout when time comes. :)

User avatar
Oxford NZ
Dumbledore
Posts: 5138
Joined: 06 Jan 2017, 03:35
FS Record: They think it's all over!

Re: Hanging up the boots

Post by Oxford NZ »

You will be ok in the divisional champs as I can edit the data manually.

User avatar
Smurphy Paw
FISO Knight
Posts: 10507
Joined: 17 Aug 2006, 17:48
FS Record: Mediocre, apparently
13/14: FPL 1792; FIFA 14 Top 700.
17/18: FPL 696th; loads of mini-League wins and side game promotions
18/19 1FC Köln 5AS Champions
#1 Spring Super League regular season 19/20 & 20/21

Re: Hanging up the boots

Post by Smurphy Paw »

Sorry to see this. Really frustrating. Fingers crossed that FPL Towers undo the damage done to you and others

User avatar
Aldershot Rejects
Dumbledore
Posts: 9120
Joined: 03 Aug 2011, 17:15
Location: Kent
FS Record: 5th Metro (2010-11); 146 - Sky (2015-16); 218 - Sky (2014-15); 386 - Sky (2020-21); 636 - FPL (2017-18); last 16 Sky Cup (2018-19)

Re: Hanging up the boots

Post by Aldershot Rejects »

That sucks. I wonder how many people have to be hacked before FPL take this seriously.
Hope FPL do something, but like you I won't be holding my breath.

User avatar
murf
FISO Viscount
Posts: 101948
Joined: 13 Oct 2005, 18:28
Location: here
FS Record: Once led TFF. Very briefly.
Contact:

Re: Hanging up the boots

Post by murf »

I thought the 'hack' was just them using passwords stolen in breaches on other sites. Is it worse than that?

User avatar
Ruth_NZ
Grumpy Old Gorilla
Posts: 9083
Joined: 25 May 2015, 22:46

Re: Hanging up the boots

Post by Ruth_NZ »

Bloody pain in the ass. Honestly don't understand what satisfaction anyone gets from ruining the innocent hobby of a random person that they don't know. :o

User avatar
Neath boy
Grumpy Old Man
Posts: 4167
Joined: 13 Oct 2005, 18:32
Location: Watching the Swans
FS Record: Egg Cup Premier league champions 2011-12 and 2012-13. Fiso H2H PremierLeague champion 2015/16. FISO Super League regular season champion 2016-17.

Re: Hanging up the boots

Post by Neath boy »

What a bummer!

Anyone have any idea how they hack with a complex password and non use of third party sites?

User avatar
hayesag
Grumpy Old Man
Posts: 4434
Joined: 22 May 2006, 21:45
Location: https://fantasy.premierleague.com/entry/424718/history
FS Record: piss poor

Re: Hanging up the boots

Post by hayesag »

Neath boy wrote: 28 Jan 2022, 16:54 What a bummer!

Anyone have any idea how they hack with a complex password and non use of third party sites?
fantasy football hub i believe is where it all started :twisted: That site coupled with using the same password on other sites. People were warned to change all linked passwords as soon as it all kicked off. So if you didnt take note of the advice given then im sorry but u should yourself ask the question why didnt you?

anything beyond that your guess is as good as mine. :shock:

User avatar
ajcairns
Grumpy Old Man
Posts: 1219
Joined: 05 Oct 2016, 14:40
FS Record: Still Decidedly Average.

FISO Mini Leagues Wins:
18/19 FPL (Lower) H2H Spring League
S15 R6 Sunday League
S10 D3 H2H Draft

Re: Hanging up the boots

Post by ajcairns »

Sorry to hear that's happened to you wizard. I'd be interested to hear how the password was made complex as it's clearly been brute forced if you hadn't used it on a third party. Could be useful intel for FPL Towers (if they were interested).

User avatar
Bob Newhart
Dumbledore
Posts: 9933
Joined: 13 Oct 2005, 18:43
Contact:

Re: Hanging up the boots

Post by Bob Newhart »

Ruth_NZ wrote: 28 Jan 2022, 13:42Honestly don't understand what satisfaction anyone gets from ruining the innocent hobby of a random person that they don't know.
Image

User avatar
Neath boy
Grumpy Old Man
Posts: 4167
Joined: 13 Oct 2005, 18:32
Location: Watching the Swans
FS Record: Egg Cup Premier league champions 2011-12 and 2012-13. Fiso H2H PremierLeague champion 2015/16. FISO Super League regular season champion 2016-17.

Re: Hanging up the boots

Post by Neath boy »

hayesag wrote: 28 Jan 2022, 17:17
Neath boy wrote: 28 Jan 2022, 16:54 What a bummer!

Anyone have any idea how they hack with a complex password and non use of third party sites?
fantasy football hub i believe is where it all started :twisted: That site coupled with using the same password on other sites. People were warned to change all linked passwords as soon as it all kicked off. So if you didnt take note of the advice given then im sorry but u should yourself ask the question why didnt you?

anything beyond that your guess is as good as mine. :shock:
He said he never uses third party sites such as FFH.

User avatar
Magic
FISOhead
Posts: 936
Joined: 16 Jul 2017, 08:29
FS Record: Improving

Re: Hanging up the boots

Post by Magic »

Bob Newhart wrote: 29 Jan 2022, 08:26
Ruth_NZ wrote: 28 Jan 2022, 13:42Honestly don't understand what satisfaction anyone gets from ruining the innocent hobby of a random person that they don't know.
Image
Exactly. It was a dumb question to be honest. Obviously they did it just for the hell of it because they could.

User avatar
Multiple Scorgasms
Grumpy Old Man
Posts: 2614
Joined: 29 Dec 2009, 00:30

Re: Hanging up the boots

Post by Multiple Scorgasms »

They still haven't sorted it, Brothers account hacked and nane changed to Ben Crillen.

Seems anyone can be a target, not just top 100k etc

Sent from my SM-A515F using Tapatalk


User avatar
Multiple Scorgasms
Grumpy Old Man
Posts: 2614
Joined: 29 Dec 2009, 00:30

Re: Hanging up the boots

Post by Multiple Scorgasms »

They activated BB so he can't even WC put of the hits.

Sent from my SM-A515F using Tapatalk


User avatar
Malrom
FISO Knight
Posts: 10670
Joined: 13 Oct 2005, 18:43
Location: Feet in Switzerland, Football heart in Leeds
FS Record: https://www.youtube.com/watch?v=Nzgx_Rz2DiM
Contact:

Re: Hanging up the boots

Post by Malrom »

FISO is probably a small community compared to the 9'00'000 players, but maybe an email from Admin could wake them up to do something!

Just a suggestion and not sure if it would make a difference!

wizardoffire
Dumbledore
Posts: 5129
Joined: 09 Apr 2013, 20:47
FS Record: 2013/2014 FISO Hotshots league

Re: Hanging up the boots

Post by wizardoffire »

Sorry for the late reply... real life has somewhat taken a priority.

They did finally reply. Not a very encouraging message.
Dear Fantasy user,

Thank you for getting in touch. We’re sorry to hear this has happened to your FPL team.

We believe what has happened is that you’ve used the same email address and password combination on another online account which at some point in the past has been involved in a data breach, leaving your FPL account exposed. We published this article related to this issue - https://www.premierleague.com/news/2462999

To secure your account, it’s important you now change the password to a strong and unique one which you don’t use on any other websites or apps. You can do this by logging into your account or by using the ‘Forgot your password?’ link on the login page.

We frequently receive requests from FPL managers for a variety of reasons to reinstate transfer points and chips played. In fairness to all managers and to apply consistency across the game, we’re unable to grant these requests with very few exceptions.

We understand this is disappointing but hope you’re able to continue playing FPL and enjoy the remainder of the season as best you can.

Kind regards,
Fantasy Premier League Support
Email suggests they are washing their hands of the matter. Little digging shows the account used was involved in a data breach that I was not aware of :(

I sent them a response back so will see what happens. In particular calling out the very few exceptions. I mean this isn't someone getting drunk mass transferring their team and then triple captaining a player and then contacting them saying I meant to make these changes and actually my triple captain was meant to be this player who just happened to score a hat trick.
There are thousands of accounts out there all in the same boat and they just dont seem interested in putting in the effort to resolve these accounts.

The audacity to suggest that they hope I continue playing FPL and enjoy the remainder of the season as best I can is a JOKE! Im not even going to get back to zero. Fixing my team is going to basically take my wildcard, won't be able to get the team back to what it was due to the loss in value and now its behind the trend as then I dont have the means to react further down the road. Its just down the drain unless there is some form of fix. The motivation really has gone :'(

User avatar
wahine
Grumpy Cat
Posts: 2710
Joined: 01 Jul 2009, 07:58
FS Record: ♀️ The more man meditates
upon good thoughts, the
better will be his world
and the world at large. C.

Re: Hanging up the boots

Post by wahine »

It's a poor response, surely they know when they have been hacked?

The chaos to the team could only be through malicious means.

With the so called twitter experts getting early team news advantage, and the probability that a good proportion of those nearly "9 million players" being multi entries, game could seriously be in trouble moving forward with that attitude.

what other troubleshooting could they be doing during the season that they don't have time to check out the obvious.

Yep a grumpy Kiwi again :lol: and it wasn't even my team - yet.

I hope you get a better response WOF - sigh

wizardoffire
Dumbledore
Posts: 5129
Joined: 09 Apr 2013, 20:47
FS Record: 2013/2014 FISO Hotshots league

Re: Hanging up the boots

Post by wizardoffire »

Seems FPL sent a generic email out to all accounts over night
Dear FPL manager,

We are writing to all Fantasy Premier League (FPL) managers who have had their FPL account compromised in recent weeks.

Firstly, and importantly, we are very sorry this has happened to your FPL team and that your season has been impacted in this way. We understand that recent events have been deeply frustrating for users who invest significant time and effort in FPL and derive a great deal of enjoyment from the game. To that end, we would like to provide you with further detail so you can better understand how and why your FPL team has been compromised and how to mitigate the risk of future attacks.

Credential Stuffing

Over recent weeks, an increasing number of FPL accounts have been compromised. We believe the attacker has gained access to these accounts through a process known as ‘credential stuffing’. This is a type of cyber-attack where an attacker obtains a list of stolen login credentials from historic third-party data breaches. The attacker then systematically uses these credentials to attempt to login to another website or app. Most of these login attempts will fail, but where a user has adopted the same email address and password combination across multiple websites or apps the attacker may succeed and gain access to a user’s account. Internal investigations and analysis of our data logs have revealed behaviour that is consistent with credential stuffing.

The typical activity we have seen from the attacker once they have gained access to another FPL manager’s account is to change the team’s name, make multiple transfers resulting in a significant points deduction, add teams into new mini-leagues, and in some cases change the manager’s name.

We appreciate this is of little consolation to you now, but we have been actively trying to stop these attacks and have been successful in many instances.

Our systems

In response to the attacks, we have carried out robust internal system checks and there is no evidence of a security breach on our systems. This is in addition to various independent penetration tests carried out over the course of the last year.

Moving forwards, we will continue to maintain robust security defences as well as looking to identify new technological solutions that can help to bolster our existing security defences. We have also committed to offering all FPL managers two-factor authentication for the 2022/23 season onwards.

What you can do

If you have not done so already, please change the password on your FPL account as soon as possible. This is very important to ensure you secure your account and mitigate the risk of any further attacks. You can do this by logging into your account or by using the ‘Forgot your password?’ link on the login page. Please create a unique password that is not used elsewhere. It is also prudent to create a strong password that would be hard for an attacker to guess. In addition, we strongly encourage you to update your password(s) on other websites and apps to prevent you being targeted in the same way.

Points, chips and teams

We have received requests from FPL managers to reinstate transfer points, restore teams to how they appeared in previous Gameweeks, and return chips played or provide additional chips. Whilst, of course, we would love to be able to do this, it would be inconsistent with our policy in respect of such matters. In fairness to all FPL managers, in order to protect the integrity of FPL, and to ensure that we adopt a consistent policy across the game, we are unfortunately unable to grant these requests. This is as difficult a decision as it is disappointing for you, and we sympathise with your situation.

Again, we deeply regret the impact that this has had on FPL managers. We hope you can overcome it and continue playing FPL this season or return to play in the future.

Kind regards,
Fantasy Premier League
Make what you want of that but this email almost contradicts the email I shared yesterday. They said they can make exceptions but here they arent budging

The integrity of FPL has been ruined because teams have been affected that were competing. I was top 50k and well placed for a final season push.

User avatar
Mav3rick
FISO Knight
Posts: 19804
Joined: 20 Jul 2009, 20:35
FS Record: FPL: 1082, 1201, 1800, 10203

The stats are dark and full of errors.

Re: Hanging up the boots

Post by Mav3rick »

I don't really see how restoring a team selection, points and chips to a point before the unauthorised access is damaging the integrity of the game.

I can see that they don't want to have to judge when a player claims they were hacked and just regrets their wildcard, but in cases like the above where hundreds of points hits were taken its clearly not been done deliberately, I can't see an integrity issue.

User avatar
murf
FISO Viscount
Posts: 101948
Joined: 13 Oct 2005, 18:28
Location: here
FS Record: Once led TFF. Very briefly.
Contact:

Re: Hanging up the boots

Post by murf »

Mav3rick wrote:I don't really see how restoring a team selection, points and chips to a point before the unauthorised access is damaging the integrity of the game.

I can see that they don't want to have to judge when a player claims they were hacked and just regrets their wildcard, but in cases like the above where hundreds of points hits were taken its clearly not been done deliberately, I can't see an integrity issue.
So where do you draw the line in the sand in terms of number of transfers? When does drunken idiocy become clear hacking?

User avatar
Mav3rick
FISO Knight
Posts: 19804
Joined: 20 Jul 2009, 20:35
FS Record: FPL: 1082, 1201, 1800, 10203

The stats are dark and full of errors.

Re: Hanging up the boots

Post by Mav3rick »

That's my point, I can understand why FPL don't wanna have to make those decisions.

It's like VAR, you clear up the howler but then you get bogged down by armpits and toenails...

User avatar
murf
FISO Viscount
Posts: 101948
Joined: 13 Oct 2005, 18:28
Location: here
FS Record: Once led TFF. Very briefly.
Contact:

Re: Hanging up the boots

Post by murf »

But there has to be a line in the sand to define something where it isn't clear and obvious whether something is clear and obvious ir not.

User avatar
Mav3rick
FISO Knight
Posts: 19804
Joined: 20 Jul 2009, 20:35
FS Record: FPL: 1082, 1201, 1800, 10203

The stats are dark and full of errors.

Re: Hanging up the boots

Post by Mav3rick »

I think we are agreeing!

It's "obviously" an error in wizardoffire's case, and if we were being fair about this one case only then we can easily justify a correction on instinct. But do that for one manager and you have to make a rule, at which point the edge cases get blurred you'll get someone with a -8 who says it was a hack and wants it reverted.

I don't have a problem in saying wizardoffire's case is obviously unfair and should be reverted, but I cant define a boundary and I understand why FPL don't want to either, and hence the blanket "no correction" response.

User avatar
murf
FISO Viscount
Posts: 101948
Joined: 13 Oct 2005, 18:28
Location: here
FS Record: Once led TFF. Very briefly.
Contact:

Re: Hanging up the boots

Post by murf »

Have to agree - especially as this 'hack' is not in the slightest down to anything FPL have done wrong.

wizardoffire
Dumbledore
Posts: 5129
Joined: 09 Apr 2013, 20:47
FS Record: 2013/2014 FISO Hotshots league

Re: Hanging up the boots

Post by wizardoffire »

even in a drunken stupor, firstly is anyone going to make 990 transfers? I've never gotten drunk so cant really speak from experience but I can't imagine anyone is capable of doing that. They might make what 15 transfers thinking they were wildcarding but forget to activate it and take the hit. These transfers were mass planned and Im fairly confident the same transfers were done across all affected accounts at the same time to get to the hackers final desired team.

I think I have said before Id happily be given a score of zero for the affected gameweek and still have my chips and team intact, than be left with this mess.

Re: the boundary of drawing a line... clearly something this excessive and making 990 transfers is enough to make an exception?

User avatar
Mav3rick
FISO Knight
Posts: 19804
Joined: 20 Jul 2009, 20:35
FS Record: FPL: 1082, 1201, 1800, 10203

The stats are dark and full of errors.

Re: Hanging up the boots

Post by Mav3rick »

I agree and as I said, in your case when you look at the situation as a human you can see its a hack and that the team, hits and chips should be reverted to the state before the hack, with either 0 points or just scoring as if you never changed the team. You just know intrinsically that is the fair and proportionate response.

The issue just comes when you codify the rules to cater for everyone in a objective way, say you set the limit at 100 transfers, well the hackers will stop at 99, but 99 is still unfair, so maybe you stop at 50 or 20 or 10. Then someone will regret a -8 and make another 6 transfers to reach the boundary, so you have to look at logs and judge if you think it was actually the same user or not. But many people legitimately use VPNs so you'll not know the difference, it's just messy, time consuming and ultimately unenforceable, so the default position is that nobody gets a reset, except in presumably some extremely high profile cases (did FFS' Andy get his team re-instated, I think so from memory).

The MFA is a good response (shame it wasn't in play sooner) and as individuals, we can do more to protect ourselves too (Bitwarden as a password manager I can thoroughly recommend).

I do honestly think you should get your team and points reverted, but I can understand why FPL don't want to poke the hornets nest.

User avatar
andybarrell
Dumbledore
Posts: 7977
Joined: 13 Oct 2005, 18:26
Location: Southend-on-Sea
FS Record: 2013 Licence to Kill Winner
2019 S15 R2 Championship Winner
2020 FISO H2H League 1 Winner
2020 5aSide Champions (Falcons)
Contact:

Re: Hanging up the boots

Post by andybarrell »

Still top of the League......................all still to play for

23 League One Table.png
You do not have the required permissions to view the files attached to this post.

View Latest: 1 Day View Your posts
Post Reply

Return to “Fantasy PremierLeague.com (FPL)”