Bodog Poker’s Anonymous Software Breached and Fixed
Bodog Poker’s recent launching of new software that removed screen names of players to conceal player identities and protect recreational players by preventing more skilled players from obtaining information through HUDs and various other data mining sites was breached by a hacker from a website that sells hand histories, and eventually corrected by Bodog.
HH Smithy, the company that offers players hand histories for use in tracking player data, released a video on the internet showing how Bodog’s software was able to be compromised. In the video, narrated by hacker Kyle Boddy, account numbers of opposing players were obtained. Once a player is identified with an account number, the unscrupulous hacker can again use poker-tracking software to keep records of each player.
Several Bodog Poker players were worried about the security breach and emailed support at Bodog for an explanation. Here is the email that Bodog sent to its concerned players:
Thank you for contacting Bodog Poker Customer Service.
It’s very understandable if our players are very concerned about the security of their accounts because of this video that has been posted on the Internet but we are assuring all of our players that all your account information is secured. We are aware of this video and we are investigating looking into this.
As per the anonymity of our poker tables, for the vast majority of our players, they will not know who they are playing against as they can’t see a screen name or account number while at the tables; however, if someone wants to and has the technical skills to develop the software you saw on the forum they are able to — we are confident this will only be pursued in very isolated cases between now and a future upgrade which will prevent it from working.
If you are worried about the security of your account, having access to an account number is similar to having a screen name in the past. You still must have a password or the answers to your private security questions in order to access any personal or banking information.
HH Smithy claims that Bodog is guilty of violating a major tenet of information technology security procedures by trusting the client with such sensitive or proprietary information. Never trusting the client is
a simple concept that novice coders learn early on when writing database calls and a web form, according to an article on the HH Smithy website.
In a light-hearted article posted on the Bodog website regarding the video, Bodog points out that 99.9% of the population wouldn’t have a clue how to hack into software and jokingly thanks Boddy for exposing the glitch in the new Bodog Poker software featuring anonymous tables, saying that
the exploit was a simple fix that the Bodog Poker technicians were able to repair overnight.
Bodog released the following statement regarding the hack job and ultimate repair:
The talents of the online poker community have been enormously helpful in testing the new software we have released. Obviously, any release has its teething problems and equally obviously we take any fault very seriously and we have released an update we are confident have addressed the most pressing issues.
In a comment posted in reply to his writer’s article, Bodog founder Calvin Ayre pointed out that computer hacking is a criminal offense, but that Bodog had no intention of pursuing that avenue, saying that the anonymous table software issue has created a great deal of passion among poker players and that, ultimately,
we all essentially want the same thing, a healthier poker industry.