Global Poker leaks player kyc data & bank statements
According to a user on twoplustwo poker forums, Global Poker has been inadvertently exposing kyc documents of players which you can see the full twoplustwo poker thread here. The issue came about when user zikzak noticed his documents were stored on a Zenesk server that was accessible by anybody that had access to the URL. In theory, users could start guessing URL combinations to see if they could uncover folders containing player documents that would include proof of identity, proof of address and banking statements .
Twoplustwo forum user zikzak noticed the issue and made the following post:
I just received a customer satisfaction survey (lol) about my cash out. It included the file name of the bank statement I sent to Global which DIRECTLY LINKED TO THAT DOCUMENT ON A NON-PASSWORD PROTECTED WEB SITE. YOU PUT MY BANK STATEMENT ON THE OPEN WEB ARE YOU ****ING INSANE?
A representative of Global Poker with the twoplustwo handle GlobalPoker_Joey, replied on the same day:
Hey guys, I have just seen this. Not something I have heard of before but I appreciate it is definitely something that players need clarity on. I will look into this for you and find a response. Joey
It appears that companies that use Zendesk either need to pay for the feature to password protect these KYC documents or simply that Global Poker needed to enable the feature on Zendesk which they did about a day after being informed of the security breach.
Global Poker's GlobalPoker_Joey posted a day later:
Hey guys, I just got the following response from our Information Security and Data Protection Team. --------- Thank you for bringing this matter to my attention. The only way another person could get access to your details is by you sharing your private URL string with them. There is no way the file can be accessed without a player sharing that URL string. The URLs have never been shared by us and are held securely. That being said now that this issue has been raised we have added an additional security measure which means players will need to log in to their account each time they access a unique URL string. This provides an additional layer of protection to players who either accidentally or intentionally share their unique URL string with others. Once again, thanks for bringing this to our attention. ------- Hope this helps Joey
About Global Poker
Global Poker is part of VGW Holdings who are also involved in the management of Chumba Casino. The company listed on their website is VGW RMG Malta Limited and has a copyright dating back to 2002. The company holds a Malta Gaming License and appears to have no affiliate program. Players don't seem very happy with Global Poker over this issue. Global Poker appears to not be associated with Global Poker League. To learn more about the Global Poker League you can read an interview of Eric Danis from GPL on cardplayerlifestyle.com
Lack of attention from Global Poker
Certainly, Global Poker has to be accounted for all the data that was leaked during that period of time.
Even though the issue was taken care of after 24 hours of being pointed out, it is unsure as is actually possible for any person in the world to access the KYC data without having to make use of a password or any security measurement.
Sadly, this has left a high number of players anxious and concerned about the possibility of other people having their private information on their hands.
What the leak actually means for the players
The leak of the KYC means trouble in a lot of ways for anyone that has suffered from it, which is why this issue has gotten so much attention within the Global Poker community.
The reason for this is that the KYC information contains extremely relevant and private data such as the player’s real name, address and bank statements that could be seized for fraudulent acts.
Such fraudulent acts could signify a huge loss of money for the players, since it is a lot easier for anyone to hack into their accounts and make transfers on their behalf.
Will Global Poker suffer any repercussions?
Considering the fact that the problem was solved 24 hours before it was known to the public, the chance of Global Poker suffering repercussions has not been discussed all that much.
At this time, there is no public information about an authority penalizing the site or a user suing the betting company for the leaking.
However, this issue has surely worried a high number of players on the platform.
Many of them have decided to stop gambling on the platform. They think of this leak as a red warning that it is not trustworthy at all, so it is not a wise decision to keep on betting on Global Poker.
As a result of this, Global Poker has lost many players in a short period of time.
Moreover, the number of transactions requested on the platform has decreased incredibly, causing the site to start adding new offers and features that could allure the players to bet on betting platform regularly.
Will this security inattention cause problems for Global Poker in the future?
As of this time, it is quite difficult to tell, but it is fair to think that an issue such as this one cannot go unobserved at any occasion.
Currently, Global Poker is available in the United States (except for the state of Washington) and Canada (Except for Quebec).
No information has been given over the possibility that some states may block the use of Global Poker due to this leak.
Furthermore, it is possible that acquiring the license to offer gambling services in new jurisdictions gets more difficult for the platform since the authorities will not find it suitable due to this scandal.
Leaking of KYC is very common on the industry
Unfortunately for players worldwide, the leaking of KYC data is quite common to see ever since online gambling started rolling out in all corners of the planet, so be careful.
Most of the time, the leaking of this data happens with the intention of selling the information given by the players.
A lot of fake online casinos sell the data on the black market to increase their earnings exponentially without caring about the safety of the players.
Normally, once this data is sold, it is used for any fraudulent act you can think of so that the real abusers are not blamed for their actions at any moment.
Many players have been surprised with visits from the police and other authorities due to their personal information being used for robbery, theft or any kind of misconduct when in reality, they were completely innocent.