Personal information of what appears to be every one of the 3.5 million UltimateBet account holders was leaked on the internet on Friday. Posted anonymously on a popular poker forum, the data includes screen names, dates of birth and account balances of over 2m US account holders, nearly 0.5m Canadians and 1m accounts in other countries. Neither passwords nor credit card information was included in the data.
Buried deep in a long-running thread on poker forum Two Plus Two titled “Can we discuss Cereus specifically?”, a new poster under the name “duxtonne” posted simply “UB player info leaked” with a link to download the data. News soon hit Twitter, as posters tweeted warnings and encouraged others to spread the word. The link was removed, apparently by the poster himself, nine minutes later.
One forum moderator, Noah Stephens-Davidowitz, who obtained the information before the link was deleted, detailed on his site Subject: Poker the magnitude of the compromised information. The data includes:
- Full name
- Screen name
- E-mail address
- Phone number
- Mailing address
- Real money account balance
- IP address
- Deposit method used
- Birth date
- Internal account number
- VIP status
- Affiliate status
- Blacklist status
Only the deposit method type – such as “echeck” – was included in the data, not specifics like transactions or credit card numbers. There was no account data from its smaller sister site, Absolute Poker.
The two sites make up the troubled Cereus Network that, although briefly going offline earlier this week, is still alive despite losing nearly all of its player base following the Black Friday indictments and subsequent cashout issues. Although agreeing to terms with the DOJ in May, and announcing it had a plan to liquidate assets to repay players in October, the site still has not repaid the majority of its players.
Players who had accounts on Ultimate Bet should assume that this personally identifiable information has been compromised, and be especially vigilant with any suspicious emails or telephone calls they receive. Account holders are also advised to ensure their email address password is sufficiently secure along with login information to other accounts.