As the recent security scandal involving the CEREUS Network begins to fade into the e-past, at least one prominent voice in the pokerverse isn’t ready to let it go: Daniel Negreanu.

Negreanu had harsh words for CEREUS and the past operators of the poker rooms that make up the CEREUS Network, Ultimate Bet and Absolute Poker, in a recent blog post.

The PokerStars pro took exception not only with the fact that the latest flaw existed, but also with the handling of the fix, viewed by many in the community as a fumble at best. Excerpt:

This company is just a bad apple in our poker community and I couldn’t imagine supporting them in any way. I said this 10 years ago, and since then I’ve only been proven correct by the huge scandal, and then again recently when they were aware of the security hole, but chose to keep the site up and running. If you know your software can be easily hacked, isn’t that the precise moment where you shut down for maintenance and fix the issue?

Negreanu is referring to a recent security flaw at CEREUS that potentially allowed hackers to gain control of a user’s account and view their hole cards in real time. From the time the exploit was originally published on PokerTableRatings, it took CEREUS over one week to deploy a permanent fix for the issue.

An initial attempt by CEREUS to correct the problem was quickly found to be insufficient, resulting in a delay of several days before a proper fix was released.

CEREUS continued to operate during this lag, with a known and published security flaw still existent on the network. This choice has prompted criticism from several corners in the poker community, with many wondering why, in the face of this security deficiency, CEREUS didn’t choose to shutter the network until the problem was addressed adequately. Negreanu is among those wondering:

I’ve spoken to, and only heard great things about their new guy Paul Leggatt, but this is a pretty big deal in my book. Dude, if you knew about this security issue, why, why, oh why didn’t you shut the site down immediately to fix it? I thought about that overnight, and couldn’t think of even one good reason not to shut it down until the site was secured. Maybe I’m missing something, but I can’t imagine what that would be.

It’s important to note that there are (to date) no reported cases of the exploit being used to actually gain access to a player’s account (all of the PTR hacking was done on test accounts they created). Also, PTR now confirms that the original security flaw is no longer an issue following the final fix by the CEREUS Network.

That said, the fact that another massive security flaw was uncovered at UB / Absolute came as a total shock to many, as both rooms were still recovering from similar scandals that cost players tens of millions of dollars lost to cheaters who exploited security vulnerabilities at the rooms.

Negreanu had some harsh words for UB / AP pros as well. While not calling out anyone by name, Negreanu echoed the questions circulating in the minds of thousands of other players regarding how people who care about their reputation can feel comfortable being officially linked to UB or AP: “I just haven’t heard any of them explain to me how they justify that endorsement in light of what happened in the past, and then what’s just happened recently? Are you really OK with how this recent issue was handled?”

The one UB pro to really discuss the issue publicly, Joe Sebok, did so in a blog post where he sounded as if he was tiring of his association with UB:

Whether it is hand-histories, ownership issues, or security ones like the one above, often I am not in a position to directly answer them as I do not work in Costa Rica at the home offices and actually help run the company. I advise, and again, try to serve as a conduit for information to flow through when issues are brought up, but in truth I don’t often have the answers. I wasn’t with UB when many of the negative issues originally happened and thus don’t always know the answers, but I want to be able to put Paul in a position where he can answer them.

As far as we’re aware, there’s been no comment on the security issues by the two most recognizable faces associated with CEREUS, Phil Hellmuth and Annie Duke. The official response by CEREUS has been limited to statements from parent company Tokwiro COO Paul Leggett.

Read Negreanu’s blog here.



Follow more breaking stories with our poker news coverage.

Do You Have a Full Tilt Poker Account? Choose: Yes | No