Scammed while playing on Twitch because of ACR software flaw

08-10-2019 , 07:44 PM
Quote:
Originally Posted by BringThePain
My first thought was also the url but I have watched this recorded stream from 3:00 and at 3:09 he is pissed off that somebody is logging him out from that game he is playing. Then he is telling about the pw he showed on the stream.

https://www.twitch.tv/videos/464726297
If you attempt to login from another computer, WPN lets you -- the existing connection is simply terminated (at least, this has been my experience). So, they could go back and forth just booting each other off.
08-11-2019 , 03:10 PM
Quote:
Originally Posted by JamesYang
Someone else can just copy paste your casino session URL into their browser and gamble your bankroll and the client doesn't even care that another IP is logged into the same account? What?
I cannot believe that this is true, like surely not.
08-11-2019 , 03:14 PM
Quote:
Originally Posted by FutureInsights
Still watching, he streamed for over 10 hours, I skipped ahead to where it disappeared. Did he ever get something to eat?
What about the sweet tea?
08-11-2019 , 05:06 PM
Quote:
Originally Posted by .isolated
When you go to casino, you use a web browser. The URL provided is your URL. If you share it, people can just type it/paste it and gamble your money. Someone from the stream saw the link, went to it, bet $750/hand on BJ and lost $2700, twice.
Wow, if true.
08-11-2019 , 05:23 PM
Quote:
Originally Posted by ArtyMcFly
Wow, if true.
They hit 15, other hands until they bust. Saw the screenshot sent to Mitch/David at the end.
08-11-2019 , 09:26 PM
Quote:
Originally Posted by JamesYang
Someone else can just copy paste your casino session URL into their browser and gamble your bankroll and the client doesn't even care that another IP is logged into the same account? What?
Yes, this is what happened. Funny thing is ACR sponsored him but didn't tell him to hide the url...
08-12-2019 , 12:42 AM
All those blaming him, what if he had buds over for drinks, and lolz while degening it up in the casino. Someone wants to record big win (we do it all the time), wala, they have his token. THAT, my friends, is a security problem. Is there anywhere from the past that shows can not have casino browser open in front of other people? They require keep password, etc, safe, no one said anything about browser url. What about recs?
08-12-2019 , 01:12 AM
Quote:
Originally Posted by FutureInsights
Someone wants to record big win (we do it all the time), wala, they have his token.
I think the word you're looking for is "voila"
08-12-2019 , 01:38 AM
Quote:
Originally Posted by GhoulPatrol
I think the word you're looking for is "voila"
lol. wala works for moi.
08-12-2019 , 05:36 AM
Quote:
Originally Posted by CantStopCalling
Yes, this is what happened. Funny thing is ACR sponsored him but didn't tell him to hide the url...
I genuinely cannot believe that their "security" is so awful that anyone with the URL can gain access to the account. The idea that an adult human professional would program this in this manner is completely bananas to me - it obviously implies that they have no encryption of your login if you can simply copy it in plain text like this. That's completely nuts, and if true, is newsworthy as an epic security fail, not just in the online poker world.

Can someone please do the below?

Quote:
Originally Posted by JamesYang
Casino Security Experiment:

1. Log onto your account and open up casino, copy the URL

2. Find a second computer/device with a different IP and paste the URL

3. Attempt to play casino games with the second device

4. Post findings
A YouTube video or similar would be best!
08-12-2019 , 07:10 AM
Agreed. I can guarantee that Ignition's encryption is really good (though I am sure someone could hack it, but copy and paste no work).
08-12-2019 , 07:23 AM
Quote:
Originally Posted by Josem
I genuinely cannot believe that their "security" is so awful that anyone with the URL can gain access to the account. The idea that an adult human professional would program this in this manner is completely bananas to me - it obviously implies that they have no encryption of your login if you can simply copy it in plain text like this. That's completely nuts, and if true, is newsworthy as an epic security fail, not just in the online poker world.

Can someone please do the below?



A YouTube video or similar would be best!
jesus. I can confirm I just did this and it allowed me to play straight away. no video though sorry.
08-12-2019 , 07:55 AM
Quote:
Originally Posted by Josem
I genuinely cannot believe
Then my advice is don't forward anyone a GG bet email with a button linking to a promotion.
08-12-2019 , 07:56 AM
I highly doubt that you can access the account by just putting in the URL. That would be absolutely ridiculous.

Somebody posted that he had a password from a different login visible during the stream and that one worked for his ACR, too. That explanation sounds more likely to me.

Either way, it should be easy to find out who is responsible for that. I am curious how ACR would react if it was his fault. There should be serious consequences if you broadcast your login data and allow for underage/barred viewers to access your account. If it’s ACR’s fault, I hope they refund him the money and fix that situation immediately.
08-12-2019 , 08:07 AM
Quote:
Originally Posted by madlex
I highly doubt that you can access the account by just putting in the URL. That would be absolutely ridiculous.

Somebody posted that he had a password from a different login visible during the stream and that one worked for his ACR, too. That explanation sounds more likely to me.

Either way, it should be easy to find out who is responsible for that. I am curious how ACR would react if it was his fault. There should be serious consequences if you broadcast your login data and allow for underage/barred viewers to access your account. If it’s ACR’s fault, I hope they refund him the money and fix that situation immediately.
well I literally just did this. I opened it up on my phone after e-mailing myself the URL from my computer. My phone was not on WiFi, just cellular network. and I was not logged in to the ACR website on my phone (I don't even know if they have a mobile site for it). But it popped up straight away and allowed me to choose games and then told me my balance and everything.
08-12-2019 , 08:31 AM
Wow, that's unbelievable!
08-12-2019 , 09:34 AM
Quote:
Originally Posted by .isolated
Someone from the stream saw the link, went to it, bet $750/hand on BJ and lost $2700, twice.
[ ] math checks out.


I'm with josem. kind of hard to believe. even on a crap site like ACR
08-12-2019 , 10:53 AM
Quote:
Originally Posted by PTLou
[ ] math checks out.


I'm with josem. kind of hard to believe. even on a crap site like ACR

Yeah. Seems too crazy to be true, but it is true. I was shocked when I was able to use the link on another device to open the casino.
08-12-2019 , 11:56 AM
Quote:
Originally Posted by Josem
I genuinely cannot believe that their "security" is so awful that anyone with the URL can gain access to the account. The idea that an adult human professional would program this in this manner is completely bananas to me - it obviously implies that they have no encryption of your login if you can simply copy it in plain text like this.
I believe it doesn't necessarily imply that the user/pass is not encrypted. If you wanted to program horribly, when you first log in through the client (which presumably is encrypted), the client could create a unique sessionID or something and send that sessionID to the server. Then when you click to open the sports betting/casino area, it would verify that the sessionID your client passes matches an existing sessionID from a logged-in user. Now obviously doing only this and passing the sessionID in the URL is ridiculously stupid. At a very minimum, you'd want to also make sure the IP address from the logged-in user matches the IP address from the person accessing the sports betting page. This still wouldn't be enough (but at least better), but I'm mainly trying to show that the user/password could still be encrypted. You might be aware of this, but I was hoping to provide a better explanation of what might be happening.

BTW, nobody should blame Mitch Jones, as it's completely unreasonable to expect that a url is enough to gain access to your account.

Last edited by Ten5x; 08-12-2019 at 12:22 PM.
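The session-ID-in-URL design described in the post above, next to one way of closing it, as an added example that is not part of the thread and is not ACR/WPN code. It goes beyond the post's IP-matching suggestion by making the value in the URL single-use and short-lived and keeping the lasting session in a cookie; the class names, the `casino.example` host and the 30-second lifetime are assumptions.

```python
import secrets
import time

HANDOFF_TTL = 30  # seconds a launch code stays valid (assumed value)


class WeakCasino:
    """Design described in the post: the session ID in the URL is the only credential."""

    def __init__(self):
        self.sessions = {}  # session_id -> account

    def login(self, account):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = account
        return f"https://casino.example/play?sid={sid}"

    def open_url(self, url, client_ip):
        sid = url.split("sid=")[1]
        return self.sessions.get(sid)  # client_ip is never checked


class HardenedCasino:
    """URL carries a one-time code; the real session lives in an HttpOnly cookie."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.codes = {}    # one-time code -> (account, client_ip, expiry)
        self.cookies = {}  # cookie value -> (account, client_ip)

    def login(self, account, client_ip):
        code = secrets.token_urlsafe(16)
        self.codes[code] = (account, client_ip, self.clock() + HANDOFF_TTL)
        return f"https://casino.example/play?code={code}"

    def open_url(self, url, client_ip):
        # pop() makes the code single-use: a replayed URL finds nothing.
        entry = self.codes.pop(url.split("code=")[1], None)
        if entry is None:
            return None
        account, bound_ip, expiry = entry
        if self.clock() > expiry or client_ip != bound_ip:
            return None
        cookie = secrets.token_urlsafe(32)
        self.cookies[cookie] = (account, client_ip)
        return cookie  # sent as Set-Cookie with Secure; HttpOnly; SameSite=Strict

    def play(self, cookie, client_ip):
        account, bound_ip = self.cookies.get(cookie, (None, None))
        return account if account and client_ip == bound_ip else None
```

Because the client redeems the code as soon as the page opens, the URL left in the address bar is already spent by the time anyone else can read it. The IP comparison is kept only as the extra check the post mentions; it breaks for users whose address changes mid-session and does nothing against someone behind the same NAT.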
08-12-2019 , 12:43 PM
Quote:
Originally Posted by Ten5x
but I'm mainly trying to show that the user/password could still be encrypted
I agree that that is possible (even likely?), separately from what I was getting at before.

I've now learned that TLS/HTTPS does encrypt the URL, so at least a potential hacker would need to view your screen (in some detail) rather than just be on the same/upstream network from you.
08-12-2019 , 01:12 PM
He would be thanking him had he gone on a BJ heater
08-12-2019 , 02:49 PM
girlfriend - "you lost all your money? you got scammed!"
guy that just got scammed - "stfu dumbass it's not a scam!"
08-12-2019 , 09:16 PM
Quote:
Originally Posted by ScotchOnDaRocks
He would be thanking him had he gone on a BJ heater
The scammer was intentionally losing the money.
08-12-2019 , 09:23 PM
Add this as reason #147637467565 to not ever contribute rake or action of any sort to WPN. Seriously degens, nut up and go to a different site or start live crushing.
08-12-2019 , 10:20 PM
Quote:
Originally Posted by PTLou
[ ] math checks out.


I'm with josem. kind of hard to believe. even on a crap site like ACR
Um, they kept hitting on every hand until bust. Someone emailed him screen shot in video. It shows how they kept hitting every hand until bust.

It is 750 a hand if you play 3 spots for $250. The screen shot clearly shows this. Around 11:16 in video.