That is a shocking lapse of security testing and game integrity.
I remember when ggpoker first came into the limelight a few years ago, there were a "jaded" vocal minority who warned about their past conduct and understandably were concerned the company were trying to rebrand to shake off their past.
(surfaced on the triggering 2+2 thread) was published
eleven months ago suggesting their security wasn't up to scratch - he demonstrated that core communications were unencrypted, chat messages were leaking real names, and clients were not doing sufficient validation on the data (e.g. a client would believe a tampered message that a player had folded, when they had not).
Clearly someone decided to try the "what if" and started ripping apart the client and found
a lot more than they bargained for. When a security lapse as the one mentioned at the start of 2023 happens, a prudent operator would realise their security is not up to scratch and do an extensive and external audit. That we are nearly a year on and they've been caught with their trousers down again is pretty damning. Their attempts to throw Adobe Air under the bus - a product which was sunset in 2019 - is laughable.
The 2+2 community have been throwing up a list of accounts they suspect may be doing similar - accounts winning 25bb/100 to 35bb/100 over 10k+ hands where 2bb/100 to 5bb/100 is the norm, frequently stopping in the 10k-20k hand range perhaps to avoid detection. Anyone who believes this is a single isolated account would be incredibly naïve - it's much more likely this was someone trying to expose the exploit so they
wanted to get caught...
It's frustrating that ggpoker are trying to downplay it by mentioning hole cards weren't exposed - that's irrelevant and gaslighting the community, because the equity not only provides a way to backsolve for approximate ranges (good enough), but with that information
you don't need hole cards because you can play binary poker based on the equity calculation... you'd have bad beats but you would
never need to put the money in bad.
The next few weeks are going to be very interesting, particularly as their initial response has been so poor. Also to close, a PSA:
Any funds you deposit with the Company will be held in a segregated bank account in the name of the Company. The funds in the segregated account are not protected in the event of insolvency. This meets the Gambling Commission’s requirements for the segregation of customer funds at the level: Not protected.