We bet some of you out there have been jonesing for some scandalous UB news. After all, since the vilified online poker room died in the fallout from Black Friday, the vast majority of the poker community’s hate has been focused on Full Tilt Poker, and rightfully so. People likely already accepted the fact that UB was awful and just chalked up any funds on the site as lost. But now, after months lacking in juicy UB news, the poker room is the center of yet another scandal.
Personal data from most, if not all, of UB.com player accounts was leaked to the public last week.
The data was posted anonymously on the Two Plus Two poker forums via a link to a website, but the same person who put up the link removed it after just eight minutes. The motives of this poster are unknown. Despite it being up for such a short time, anyone who saw it was able to save the link or even download the data, so all of the information is almost certainly in many hands at this point. Fortunately, the site which was hosting the data seems to be down, so hopefully any possible spread of the data will be slowed.
While the situation sounds horrible, it may not be as bad as it seems. While we at Poker News Daily do not have the data, the good people at Subject: Poker were able to take a look at it to see what was included. According to Subject:Poker, the following pieces of information could be found in the leaked data:
• Full name
• Screen name
• E-mail address
• Phone number
• Mailing address
• Account balance
• IP address
• Deposit methods used
• Birth date
• Account number (unique to UB; NOT bank account or credit card numbers)
• VIP status
• Affiliate status
• Blacklist status
As you can see, no social security numbers or financial account numbers were released, so the vast majority of the information is either publicly available for most people or fairly useless. E-mail addresses could be problematic, but chances are, the worst someone could do with those would be to try to gain access to a customer’s e-mail account using the other data as possible answers to security questions or passwords. While this could work and could cause customers to become victimized by criminals, it should be easy enough for people to be sure that e-mail accounts used for personal banking and other business are safe and secure and have no relation to anything having to do with online poker.
Of course, there is also the possibility that customers could get outed as online gamblers, which could be embarrassing for some, but again, this is unlikely to happen.
According to Subject:Poker, much of the data is fairly difficult to decipher, all of the columns are unlabeled, and some of the columns are inconsistent. There is a column labeled “password” in one file, but the entries in that column do not appear to be legitimate passwords.
Around 3.5 million accounts were included in the files, including 2 million from the United States, over 300,000 from Canada, over 100,000 from the UK, and a million from other countries.
This is not the first time this has happened. I posted about something similar in March 2006: https://groups.google.com/group/rec.gambling.poker/msg/98f4714e8384dac2