A British hacker who pilfered billions of Zynga’s virtual poker chips faces years behind bars
A 29-year-old gambler from Paignton, Devon, has been sentenced to two years in jail after hacking into an online gambling site and stealing billions of poker chips.
Ashley Mitchell admitted to hacking into the servers of American gaming company Zynga Corporation in 2009 and making off with $12 million (£7.5 million) worth of gambling chips.
Exeter Crown Court judge Philip Wassall said the hacker had deliberately “exploited” security weaknesses he had found in Zynga’s website.
“People rely on computer systems,” said Wassall. “Anyone who has managed to get into these systems for their own ends should expect a stiff sentence.”
Mitchell was handed a two-year prison sentence for computer misuse and money laundering. In 2009, he broke into Zynga’s main servers and stole the account details of two staff members, before transferring four billion virtual chips to his own account.
Using a false Facebook account, the hacker had sold around a third of the stolen chips at a discounted price on the social-networking site, where he reaped around £53,000 from online players. If he had managed to sell all the chips, Mitchell would have earned around £184,000, according to prosecutor Gareth Evans.
However, the hacker was said to be “wrestling with a gambling addiction” at the time of the offences, according to his defence solicitor Ben Derby. At one point, he was spending £1,000 a day on gambling websites.
Besides his two-year prison sentence, Mitchell also faced an extra 30 weeks for breaching an earlier suspended sentence for hacking into the network of his previous employer Torbay Council in 2008, where he made off with £3,498.
Hacking branded major issue
To curb the trend, the company is implementing new security measures, including asking extra security questions when the account is logged into from an unusual location, and notifying users by text or email if a new device is used to log into their account.
Facebook has also added a one-time password feature as part of an effort to address account security: a text message containing a one-time password is sent to users concerned about working on machines other than their normal computers.
Last year, a number of Facebook users fell prey to a bogus “dislike” button application that tricked users into spreading messages via their status updates.
Two versions of the scam have been reported by Sophos. The messages include the text: “I just got the Dislike button, so now I can dislike all of your dumb posts lol!!” or “Get the official DISLIKE button NOW!” followed by a link.