It has been a long time since we last had a super user scandal in online poker, which is why the announcement from GGPoker came about as quite a shock to the community.
Namely, in its official release, the operator acknowledged that a player had managed to take advantage of a software vulnerability, which gave them access to the information they should not have access to.
According to the report from GGPoker’s investigation team, the player, going under the alias ‘Moneytaker69’, discovered and took advantage of this security loophole. This individual accumulated winnings totaling thousands of dollars, including winning the GGMasters tournament for nearly $50,000, before being identified and subsequently banned from the platform.
While the operator has fixed the vulnerability and announced plans to reimburse all players they identified as affected by ‘Moneytaker69’s’ activities, the story created quite a stir in the poker world, shaking the foundations of trust between players and the operator, which is an essential element of online poker.
GGPoker was quite transparent with the explanation of how it all went down, which indicates the software leak is now patched, so this particular vulnerability no longer an issue.
In the past, super user scandals were mostly generated from the server side of things, where a certain player would be given administrator privileges, allowing them access to other players’ hole card information. However, the most recent case originated on the client side.
According to the official report, the player in question was able to tamper with the GGPoker client, taking advantage of a vulnerability connected to the software ‘Thumbs Up/Down Table Reaction’ feature. On the Windows client, this particular feature utilizes the Adobe Air framework, which includes certain attack vectors that ‘Moneytaker69’ was able to identify and take advantage of.
This exploit did not give them access to other players’ hole cards, but it allowed them to see all in equities on flops and turns, giving them a massive unfair edge over other players.
GGPoker Issues an Apology and Thanks the Poker Community
GGPoker engineers identified and closed the vulnerability on December 16 and issued a patch that was meant to put a stop to the exploit. However, ‘Moneytaker69’ was already in possession of the altered client and, by blocking automatic updates, was able to continue taking advantage of the exploit.
Soon after, a security patch was issued, preventing any further data leakage inside the software, permanently closing the exploit, and also preventing users from tampering with the client in the future to make any similar changes.
By the time the exploit was identified and finally shut down, the player was able to unfairly win thousands of dollars from other players. According to GGPoker, the offending player has since been banned, and all affected players have been identified and will be reimbursed with nearly $30,000 in full within the next 24 hours. Tournament players who were affected by 'Moneytaker69’s’ actions will also be reimbursed accordingly, within the same time frame.
The operator also issued an apology to the entire poker community, realizing that an incident like this can deeply shake the trust in online poker. Following the incident, the operator has reportedly proceeded down the path of doubling their security team and hiring some of the best security professionals.