According to a user on twoplustwo poker forums, Global Poker has been inadvertently exposing kyc documents of players which you can see the full twoplustwo poker thread here. The issue came about when user zikzak noticed his documents were stored on a Zenesk server that was accessible by anybody that had access to the URL. In theory, users could start guessing URL combinations to see if they could uncover folders containing player documents that would include proof of identity, proof of address and banking statements .
Twoplustwo forum user zikzak noticed the issue and made the following post:
I just received a customer satisfaction survey (lol) about my cash out. It included the file name of the bank statement I sent to Global which DIRECTLY LINKED TO THAT DOCUMENT ON A NON-PASSWORD PROTECTED WEB SITE. YOU PUT MY BANK STATEMENT ON THE OPEN WEB ARE YOU ****ING INSANE?
A representative of Global Poker with the twoplustwo handle GlobalPoker_Joey, replied on the same day:
Hey guys, I have just seen this. Not something I have heard of before but I appreciate it is definitely something that players need clarity on. I will look into this for you and find a response. Joey
It appears that companies that use Zendesk either need to pay for the feature to password protect these KYC documents or simply that Global Poker needed to enable the feature on Zendesk which they did about a day after being informed of the security breach.
Global Poker's GlobalPoker_Joey posted a day later:
Hey guys, I just got the following response from our Information Security and Data Protection Team. --------- Thank you for bringing this matter to my attention. The only way another person could get access to your details is by you sharing your private URL string with them. There is no way the file can be accessed without a player sharing that URL string. The URLs have never been shared by us and are held securely. That being said now that this issue has been raised we have added an additional security measure which means players will need to log in to their account each time they access a unique URL string. This provides an additional layer of protection to players who either accidentally or intentionally share their unique URL string with others. Once again, thanks for bringing this to our attention. ------- Hope this helps Joey
About Global Poker
Global Poker is part of VGW Holdings who are also involved in the management of Chumba Casino. The company listed on their website is VGW RMG Malta Limited and has a copyright dating back to 2002. The company holds a Malta Gaming License and appears to have no affiliate program. Players don't seem very happy with Global Poker over this issue. Global Poker appears to not be associated with Global Poker League. To learn more about the Global Poker League you can read an interview of Eric Danis from GPL on cardplayerlifestyle.com
