Second major online poker site has security breached

Thanks to of all people a data-mining site, PokerTableRatings.com, just before the 2010 World Series of Poker began it came to light that The Cereus Poker Network -Ultimate Bet and Absolute Poker-had insufficient encryption going from the site to the players computer. Even though the security loophole was very minor, the news sent the online poker community into a tizzy, especially since the two Cereus Poker sites were embroiled in the biggest online poker scandals in history -the Super-User account scandals.

Well PTR is at it again, and this time the guilty site is Cake Poker. The problem is the same as in the Cereus Poker case, inferior encryption. Cereus was very public when PTR broke the story back in May, and worked fast to upgrade their encryption to SSL (I’m computer illiterate, so whatever that means) and ease any concerns from their players.

In statements from COO Paul Leggette, and spokespeople such as Joe Sebok, The Cereus Poker Network explained that they were under the assumption that all of their encryption was SSL, and it seems Cake Poker is using the same reasoning: Card-room manager Lee Jones had this to say on the 2+2 Poker Forums:

Sure, when the issue came up in May, I asked our software management team. They told me that we were more secure than Cereus. When this all came to light a few hours ago and they got down into the actual code, it turned out they were wrong (as one of the senior managers just admitted to me).

Somewhere along the software ladder, there was a error of omission, commission, stupidity, documentation or some combination thereof. I’m not happy about it and neither is the manager to whom I spoke.

Furthermore, I definitely have to accept some blame here. I could have (and wished I had) pushed further on the response I got, talked to some development people about it (they’re in-house), etc.

I’m going to post an official response shortly, but believe me, I feel crappy about having said in May that we had stronger encryption than Cereus did when we didn’t. The lesson I’ve learned is to ask more harder questions when these sorts of things come up.

I owe the entire Cake poker community an apology: I am very very sorry.

Most likely Cake Poker will be hard at work upgrading their encryption over the next couple of days.

For those of you concerned about the security breaches it seems highly unlikely unless you were playing on an unsecured wireless connection, or public wireless connections. The breach occurs if there is a third-party in between your computer and the online Poker Room.