Recently, the World Poker Tour Amateur Poker League was invaded using an online moniker “smitt3nz”. This intrusion resulted in the leak of more than 175,000 website users’ email addresses. And the hacker gained access to their clear text passwords as well. This roster of online poker players includes some U.S. government workers.
The president of the World Poker Tour Amateur Poker League who is also it’s CEO, Kurt McPhail, joins other WPTAPL representatives in playing down the significance of the breach. The business hosts the site wptapl.com. They do acknowledge that there has been an attack on their system. But McPhail expressed to SC magazine that the obtained data is “pretty much worthless”. He claims that of all the leaked accounts, only about 50,000 have actually been recenetly active on the system.
The representatives of the WPTAPL also contend that their users accounts can not be accessed. They are protected by the fact that users do not sign into the site with their email addresses. They have usernames that are the primary means to log on to the site. The hacker has apparently not leaked these names. And McPhail has emphasized the important point that financial data of users is not stored on the servers associated with the website.
Kurt McPhail also expressed that all of the affected users are being notified. He contends that the vulnerabilities that allowed this attack are being aggressively identified. The organization is actively revising the code that was exploited in this incident.
Generally one of the primary recommendations after such a breach would be to encourage all clients to reset their passwords. This is especially critical is they have been using the same one for many online accounts. The greatest potential risk in this incident is probably not as much from the initial attack on wptapl.com. But the bigger problem could be that the hacker may have intercepted a password that the users use on many other online accounts with more valuable personal data.
Since some of the accounts belong to employees of government agencies such as the Centers for Disease Control and Prevention, the Department of Health and Human Services, US Courts, the US Federal Bureau of Prisons, the House of Representatives, the Department of Energy, and the Department of Labor, attention should be given to whether these passwords could be used to enter into their official government email accounts.