Press "Enter" to skip to content

Global Poker caught in KYC data breach

During February 2017, Global Poker which is an American poker room emerged. Global Poker is part of VGW Holdings who are also involved in the management of Chumba Casino.

global poker kyc data

One of the aspects of Global Poker which attracts customers is that it allows one to deposit via PayPal and withdraw winnings to one’s PayPal account. While this does provide short-term benefits, there are long-term negatives which do arise. The company has experienced a number of serious issues recently. A recent one involved customer data being leaked onto the internet via Zendesk. The issue is that these links to confidential player documents were not password protected but after a day of notifying the poker room, they enabled the security setting in Zendesk and fixed the problem. The security vulnerability entailed personally identifying documents of customers being accessible via the internet. Each of the documents were located on separate URL’s and could be viewed by anyone with the correct address through any browser. Documents that might have been shared include photo ID’s, proofs of address as well as bank statements.

It is difficult to tell how long the customers of Global Poker have been victims of the vulnerability as it appears to have been due to a misunderstanding which happened whilst setting up Zendesk. The matter was first brought to attention by a user on Twoplustwo named “zikzak”.

His original post identifies the problem:

“I just received a customer satisfaction survey (lol) about my cash out. It included the file name of the bank statement I sent to Global which DIRECTLY LINKED TO THAT DOCUMENT ON A NON-PASSWORD PROTECTED WEB SITE.

YOU PUT MY BANK STATEMENT ON THE OPEN WEB

ARE YOU ****ING INSANE?”

On June 21st 2018, he posted the following: Many users seemed to find it hard to believe that there were flaws within the systems of Global Poker and some even suggested that the issue may have been due to an error on the part of the user (zikzak). However, other users also pointed out that their own personal data could be viewed from non-logged in browsers and even on devices which they had never previously used to access Global Poker. Global Poker have since resolved the problem after being made aware and changed settings which needed to be changed.

About 10 hours after the original complaint was raised, ‘’GlobalPoker_Joey’’ responded and said that he was looking into the situation. He eventually made the following post:

“Hey guys,

I just got the following response from our Information Security and Data Protection Team.

———
Thank you for bringing this matter to my attention.

The only way another person could get access to your details is by you sharing your private URL string with them. There is no way the file can be accessed without a player sharing that URL string. The URLs have never been shared by us and are held securely.

That being said now that this issue has been raised we have added an additional security measure which means players will need to log in to their account each time they access a unique URL string.

This provides an additional layer of protection to players who either accidentally or intentionally share their unique URL string with others.

Once again, thanks for bringing this to our attention.

——-
Hope this helps

Comments are closed.