Customer Bank Statements and KYC Data Leaked by Global Poker

[PROFRBcom]

Some of you may have heard of Global Poker. It is a company pushing hard in the USA right now and offering PayPal deposits and payments to players. They even had a talk at the London Affiliate Conference. They bill themselves as a play money sweepstakes company who also just happens to provide real money gaming in disguise, somehow "legally".

In any case, this company, Global Poker, has had a number of issues lately. The most recent one however involves leaking customer data on the Internet via ZenDesk. They did not password protect the account information, and as such, customer KYC data was openly accessible online. In fact, it was discovered by a poster on 2+2:




Come to find out, that this information has been exposed for quite some time. Over a year in fact! The flaw has been fixed now but damage has certainly been done to their brand.

Online sweepstakes poker site Global Poker has just fixed a security vulnerability whereby customers' personally identifying documents were accessible on the web. Each document was located at a separate URL, and anyone who had the correct address could view it in any web browser.

The files in question were hosted through Global Poker's ZenDesk support platform. ZenDesk is a vendor of popular software applications that provide interfaces for customer support ticketing, knowledge base searching, and secure document storage among other features.

Full write up on the scandal can be found here: https://professionalrakeback.com/cus...t-global-poker

[Triple7]

It's a known Zendesk issue, but they don't seem to care.

GDPR causes a lot of work for us all, but data is still leaked massively.

[PROFRBcom]

It's a know Zendesk issue, but they don't seem to care.

GDPR causes a lot of work for us all, but data is still leaked massively.

It's actually incompetence on the part of Global Poker. They only needed to click one tick-box and they could have limited all the data to only being accessible by players when logged in, as opposed to completely open and not protected by at least a password!

[sweetbet]

Come to find out, that this information has been exposed for quite some time. Over a year in fact! The flaw has been fixed now but damage has certainly been done to their brand.

That's crazy. I hope no one's bank account was hacked due to this company's incompetence.

[Vargoso]

Shady from GlobalPoker, not to mention the recent change from Paypal to another payment system without noticing the players.

Also, the Global answer in the 2+2 forum was something like if some document was actually leaked was because of user fault...come on!

[Triple7]

It's actually incompetence on the part of Global Poker. They only needed to click one tick-box and they could have limited all the data to only being accessible by players when logged in, as opposed to completely open and not protected by at least a password!

But why there's that option? I saw exactly the same thing before at a licensed Belgian casino. Player uploaded KYC stuff, sent me the link and I could access all his documents easily.