Last week, a hacker who uses the online moniker smitt3nz leaked the email addresses and clear text passwords of more than 175,000 World Poker Tour Amateur Poker League (wptapl.com) users, including some US government workers.
WPTAPL representatives have admitted that their systems have been breached, but they’re downplaying the impact of the attack.
Kurt McPhail, the president and CEO of WPTAPL, has told SC Magazine that the information is “pretty much worthless.” He says that only around 50,000 of the leaked accounts are still active.
Furthermore, the WPTAPL accounts of these users cannot be accessed because customers don’t sign in with their email addresses, but with usernames, which haven’t been leaked by the hacker. He has also highlighted the fact that financial information is not stored on the website.
McPhail says that impacted users are being notified and the vulnerabilities exploited by the hacker are being patched.
Hopefully, the organization is telling customers to change all their passwords if they’ve been using the same one to protect all their online accounts. Their WPTAPL accounts might be safe, but since many people utilize the same password for all their accounts, the breach could be problematic.
Some of the leaked email addresses appear to belong to employees of the US government, including the Centers for Disease Control and Prevention, the Department of Health and Human Services, US Courts, the US Federal Bureau of Prisons, the House of Representatives, the Department of Energy, and the Department of Labor.
If they’ve been using the same passwords for their official email accounts, cybercriminals could easily compromise them. Since the details haven’t been posted on Pastebin, where sensitive data is usually removed within hours after being published, the leaked information is still online.