I haven’t really checked back recently since writing my posts on unsafe poker rooms that fail to encrypt your personal information but Brian over at MattahFahtu did take the time to check ‘em out and it looks like they’ve finally gotten around to correcting the problem.
I guess what really cooks my goose on this is that someone made a conscious decision to do this. This isn’t a case where you have two distinct pieces of software for .Net and .Com. Here was a piece of software that encrypted your password if you had a real money account and left your password completely exposed if you hadn’t made a deposit yet. In other words, you had code that looked something like this:
if(realmoney) {
encrypt_and_store();
} else {
just_store();
}
What possible purpose would there be in not encrypting the password? You had to go out of your way not to do it! In fact, if you later deposited funds, the software would presumably have to go and encrypt your password so not only did you have to go out of your way to write the unencrypted password but you had to write even more code that went and encrypted the password once a deposit was made.
Given the above, I’m going to guess this wasn’t just some rouge programmer who got lazy*. Instead, I’ve got to believe that some product manager spec’d it that way. For what goal I have no idea.
* There is one scenario where an incompetent programmer might have done this. It would be if that was his flag for whether an account was real or play money. There are at least 100 easier ways to flag that information but it is possible that is what the unencrypted value was being used for.
Related posts:
- Play Money Players Are Free to Officially Hate Me Party Poker recently announced changes to their play money games...
- Bill’s Poker Blog Exclusive Freeroll on Chili Poker After talking to the folks over at Chili Poker we...
- Luckily my husband funds my online account – Where are all the women in poker? by Robyn G For my husband’s birthday about 5 years ago, I opened...

Rakeback Report Promotions
We are pleased to offer all of the following promotions this month at Rakeback Report. Simply sign up for a valid rakeback account at a participating poker room and you will automatically be enrolled.
| August Promotions | ||||
|---|---|---|---|---|
| Site | Rake Race | Rake Chase | Points Race | Freeroll |
| Cake Poker | $60,000 | |||
| Doyle's Room | $50,000 | |||
| Cereus Poker Network* | $60,000 | $15,000 | ||
| Red Star Poker | $23,000 | |||
| Party Poker | $50,000 | $20,000 | ||
| GR88 Poker | $20,000 | |||
| Players Only | $16,400 | |||
| Minted Poker | $14,050 | |||
| Full Tilt Poker | $10,000 | $5,000 | ||
| Betfair Poker | $5,000 | |||
| Victory Poker | $10,450 | |||
| Power Poker | $10,000 | |||
| Eurobet** | $10,000 | |||
| Tower Gaming** | $10,000 | |||
| NoIQ Poker | €8,000 | |||
| Boss Media Network*** | $5,000 | |||
| Winner Poker | $5,000 | |||
* Includes Absolute Poker and Ultimate Bet.
** Includes Eurobet and Tower Gaming. May not be available to all users. Contact Us to request this offer or for more information.
***Includes Poker Heaven, Fortune Poker, InterPoker and Paradise Poker.









Hi, my name is Bill Rini and this is my poker blog. I've been blogging about poker and the poker industry since around 2003-ish. Like most people I started out playing poker as entertainment in home games whenever we wanted to sit around and smoke cigars, drink beer, and eat pizza, and needed a good excuse. I started playing online shortly after the first online card rooms opened and it wasn't long before I was playing 20, 30, or even 40 hours a week or more. One day I received a phone call about a program manager position at Tiltware which was the company that consulted to Full Tilt Poker on software development and marketing. After Tiltware I spent about 2.5 years working at Party Poker where I was the poker room manager.
{ 1 comment… read it below or add one }
I’d guess the reasoning was that it would be worthwhile to be able to look up the passwords for play money players if they forgot them, instead of forcing a password reset.