The talk of the Internet has been centered around the Heartbleed bug lately, which is widely regarded as the biggest Internet security issue in history. Any site using OpenSSL software is subject to hackers who are seeking personal information and passwords. Most online poker and gaming sites are at risk, as more than 500,000 secure servers are possible targets of the bug.
PokerStars, speaking on behalf of itself and Full Tilt Poker, was quick to examine the problem and issue a full statement alerting customers to the likelihood, or lack thereof, of problems. SkyPoker posted a statement on its website as well, but the majority of online poker sites have yet to respond to players’ concerns.
What is Heartbleed?
Heartbleed is a flaw in OpenSSL software, which was revealed by the security team at Google but can affect every server using OpenSSL. The US government has been affected, as well as companies like Facebook, Yahoo, and many others.
It is estimated that approximately 17 percent of secure servers on the Internet were vulnerable to the bug by the time a fixed version of OpenSSL was offered on April 7, 2014. Sites must run tests of their servers to determine if users’ private information, including cookies and passwords, was hacked or had the potential to be hacked. Companies must also apply the fix to remove the vulnerability, and users must take responsibility for changing their passwords on popular websites. CNET and others have released lists of sites that were most affected.
How is Online Gaming Affected?
According to one report that used the Qualys SSL Lab Test, companies like payment processor Skrill and some VPN services did have security flaws that could have exposed their users to the bug. Skrill responded with a message to users that “all relevant systems at Skrill have been updated and are protected from this threat.” However, customers were advised to change their passwords in case they were exposed to the bug prior to the fix.
PokerStars was quick to issue a statement on the matter. Director of Information Security Rob Withington reported that “at no stage were our downloadable clients on either PokerStars or Full Tilt Poker vulnerable to this issue at any time.” All encrypted data on desktop and mobile clients was secure at all times, which included player account information, passwords, and financial transactions.
PokerStars went on to explain that Full Tilt Poker’s software does not use the affected versions of OpenSSL, and PokerStars doesn’t use the Transport Layer Security protocol, which was the one at risk. Even so, the play-money Facebook version of PokerStars was vulnerable before the April 7 fix was applied. “It is unlikely that anyone took advantage of the vulnerability in this situation,” as there was no real money involved in any of those Facebook transactions.
SkyPoker was another of the few online poker sites to address its users. The company noted that it regularly tests for vulnerabilities like the Heartbleed bug and retested when this particular bug became an issue. “We can confirm that SkyBet is not, and has not been at any point, vulnerable to this security issue…” Players have only been advised to change their PINs if they share them with other sites that may have been vulnerable.