According to the police, some of the victims stored their PPS log-in names and passwords in their computers and installed P2P software on the same machines. The suspects --13 men and one woman -- stole not only PPS log-in details but also the victims' mobile phone numbers that allowed them to forward SMSes containing one-time passwords and other notifications from PPS to other phone numbers, said the police.
By registering Hong Kong Jockey Club accounts to those stolen PPS accounts, the suspects -- with one-time passwords sent by PPS--were able to transfer money to other Jockey Club accounts they created, the police added.
Before reporting their situation to the police, one of the victims was informed by a bank that a large amount of money was transferred from his account while other victims found out Jockey Club accounts were registered to their PPS accounts without their knowledge, according to a media report by Chinese-language newspaper Ming Pao Daily.
Both PPS and the Hong Kong Jockey Club said the incident has nothing to do with the security of their systems.