According to the police, some of the victims stored their PPS log-in names and passwords in their computers and installed P2P software on the same machines. The suspects --13 men and one woman -- stole not only PPS log-in details but also the victims' mobile phone numbers that allowed them to forward SMSes containing one-time passwords and other notifications from PPS to other phone numbers, said the police.

By registering Hong Kong Jockey Club accounts to those stolen PPS accounts, the suspects -- with one-time passwords sent by PPS--were able to transfer money to other Jockey Club accounts they created, the police added.