In a short period of time, Ultimate Bet will release a statement regarding the rumored cheating scandal. The statement confirms that former employees had access to hole card data for a period of about 21 months. In addition, Ultimate Bet says they are going to be paying players back for their net losses to the cheating accounts.
EDIT: The statement is available here.
I was able to get an early look at the statement and Ultimate Bet agreed to answer some of my questions. I am not sure if I will be able to ask followup questions, but obviously post any questions you may have in the comments and I’ll see what I can get answered.
Here are my 10 questions and Ultimate Bet’s answers:
1. The “individuals worked for the previous ownership of UltimateBet” — does this mean they were employees of UB only pre-sale but not post-sale? Were any of them owners at any point?
All individuals involved worked for the previous ownership prior to Tokwiro acquiring in Oct 2006. We have learned through our investigation that one of the individuals involved was a liaison to UB post sale as part of the transition, but that person has not worked for the company or had access to systems for roughly a year. The previous ownership of UB was a publicly traded company and we do not believe anyone involved was an owner of the business.
2. When you say Tokwiro is pursuing legal options, does this in anyway include an attempt to have legal charges (either civil or criminal) brought against the individuals responsible?
Yes. We are reviewing all of our legal options, both civil and criminal.
3. Do you expect the names of the individuals responsible to be released at some point?
At this point, we are uncertain how the legal action will ultimately unfold. We have turned over all evidence and information to our regulatory body the KGC.
4. When you say Tokwiro is taking full responsibility, does that mean all of the refunds are coming out of Tokwiro’s pockets? Was any money able to be recovered? If nothing was recovered, do you expect to recover any at any point?
No money has been recovered at this point. All refunds are being paid by Tokwiro. Whether or not we recover any funds depends on the outcome of any legal action.
5. Obviously, people are not happy that it took such effort on the part of the players to notify UB and, for all intents and purposes, harass the site for months and months with the only response being a short statement confirming abnormal winning activity. What would you say were the biggest factors that contributed to the delay?
The most important factors that contributed to the delay were:
First, the complexity of this investigation. We are dealing with a third party software provider and previous software development shops, old versions of the database that complicated our analysis, our regulatory body and their auditors, as well as many years of data.
Second, our desire not to release information until we were certain of its accuracy and thoroughness.
Third, our priorities throughout this investigation have been to make sure the vulnerability was fixed, to make sure that we understood everything that happened. We didn’t want to make any statements before this. Now we are making a statement and refunding players, and the company will continue to do everything possible to prevent anything like this from happening in the future.
6. What sort of information can you give us on the total dollar amount in question?
At this time we are not ready to provide a specific amount.
7. Some of the account name changes happened post-sale. This seems to mean that some of these employees were still involved in the AP-UB enterprise. Either that or they still had friends willing to help them out. Assuming these employees have been fired, when were those responsible for the name changes fired and what sort of further action does Tokwiro have planned?
Unfortunately, some of the account name changes did happen post sale. One individual who was employed by the previous ownership appears to have aided the perpetrators by changing account names. This individual served as liaison to UB through a transition period post sale. After the transition period, this individual continued to send name change requests to our customer service department. The person has not been involved with the company for approximately a year and we have since implemented a no name change policy.
8. I’ve been helping you a little with the Security Center for UB — I think it’s going to be a great tool when it’s finished. When do you reasonably expect it to be ready? Will it apply to both AP and UB?
This Security Center application is a top priority for Tokwiro and this will be used for both AP and UB. We expect the first release to be in production in 6 to 8 weeks.
9. Are you going to have the entire software source code reviewed for any other loopholes? While GA says this loophole is gone, it certainly seems possible that there are other loopholes that current management might not know about.
Gaming Associates has confirmed that the vulnerability has been permanently removed. We are confident that the site is entirely secure. Currently, Gaming Associates is in a continuous audit.
10. If I recall correctly, the AP refunds were completed in under one week (or something close to that). Do you expect the same sort of speed here? Also, will the refunds carry interest in the same manner as the AP refunds?
We expect to have all refunds completed within several days. Tokwiro will be refunding players their net loss for every hand played against the cheating accounts without interest.