Heres what probably happened.
#1 - The day people arrived, someone set up a fake access point
#2 - Their access point was set up as a http/https relay. A fake epass site was installed on the local AP server. When people logged into paypal or epass, first their login & user name was captured on the local machine & then relayed onto the real epassporte site, so all you saw was a seamless login.
#3 - Several logins were stolen within the first few hours. Everyones checking their balance before they hit the bar/strip club for cash.
#4 - These new stolen logins from people at the show, were used to move the $ around in a giant loop.
Now depending on the # of logins compromised, the # of transactions those other accounts completed themselves/transferred to other accts.. And the # of days between it happening, & JFK alerting epassporte. That money could be lost in a "literal" circle jerk void forever.
Epassporte might literally have to contact 100 customers & confirm each transaction to another party.
Your not dealing with a hotel employee. Your dealing with someone that has probably been using epassporte for years & hatched a little pre-meditated scheme months ago.
In fact, I wouldn't be surprised if this has been going on for several years. Just in amounts people don't immediately notice, or don't wish to embarrass themselves in public.
I wouldn't be surprised if more people come forward in the following weeks with the same complaints.
Then again...it could have been some idiot using a xp exploit & a keylogger. Or even a lost access key social engineering trick with the hotel front desk, while your laptop sat tucked away seemingly safe.
All we can do is hope little bloodsuckers like this get caught, or karma brings them a hefty dose of the AIDS
