More online casinos offline after data breach
After a data breach shook Merkur online casinos, other casinos with the same software are now offline.
After a number of Merkur Group online casinos were temporarily offline in mid-March, more gambling sites are unavailable again this week. This time, the affected portals belong to individual small companies and are suspected of being illegal in Germany. Like Merkur's online casinos, they use software from the Maltese company "The Mill Adventures". Security researcher Lilith Wittmann had previously drawn attention to massive data protection problems in that software.
In a post on X on March 21, Wittmann reported that around a dozen casinos with software from The Mill were offline again. According to her, the company operates a legal instance of its software as well as another for some online casinos that are not legal in Germany. The list of casinos that have recently gone offline is available to heise online. A random check on the afternoon of March 23 revealed that they are still unavailable. According to Wittmann, The Mill had shut down the illegal instance of its casino software.
"We can learn from this: research into illegal casinos works. We can take away casinos' platforms, which, in contrast to the network blocks demanded by the GGL, actually works," Wittmann commented on the matter on X. The GGL is the joint gambling authority of the German federal states.
Wittmann had previously caused a stir with her findings on The Mill software. Extensive data on several hundred thousand players could be accessed via the casinos' APIs. A GraphQL interface allowed nested retrieval of several objects at the same time, albeit without functioning authorization management. It was easily possible to access the players' data: not only names and account information, but also game histories and the players' deposits and withdrawals. Often, information that players had used to verify their identity with the gambling provider could also be obtained, for example ID cards and letters from employment agencies or banks. In an interview with heise online, Wittmann drew a devastating conclusion: "They didn't give a damn about the security of the players' data."
(nen)
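The class of gap described above, nested GraphQL retrieval without working authorization, shown as an added example that is not code from the article, from Wittmann or from The Mill. The Player schema, the `referredBy` edge and all data are hypothetical, and checking only at the entry point is assumed here as one common way such a gap arises; the hardened path authorizes every object load instead.

```python
# Constructed sample data; the Player schema and field names are hypothetical.
PLAYERS = {
    "p1": {"id": "p1", "name": "Alice Example", "referredBy": "p2", "documents": ["id-card-p1.pdf"]},
    "p2": {"id": "p2", "name": "Bob Example", "referredBy": None, "documents": ["bank-letter-p2.pdf"]},
}

class Forbidden(Exception):
    """Raised when the viewer is not allowed to read an object."""

def load_player(viewer_id, player_id, enforce):
    """Single choke point for loading a Player; with enforce=True every load is checked."""
    player = PLAYERS[player_id]
    if enforce and viewer_id != player["id"]:
        raise Forbidden(f"{viewer_id} may not read player {player_id}")
    return player

def resolve(viewer_id, player, selection, enforce):
    """Walk a nested selection: {field: True} for scalars, {field: {...}} for edges."""
    out = {}
    for field, sub in selection.items():
        if field == "referredBy":  # edge that leads to another Player object
            target = player["referredBy"]
            out[field] = None if target is None else resolve(
                viewer_id, load_player(viewer_id, target, enforce), sub, enforce)
        else:
            out[field] = player[field]
    return out

def query_me(viewer_id, selection, enforce_nested):
    """Root field: the entry point itself is always limited to the viewer's own record."""
    me = load_player(viewer_id, viewer_id, True)
    return resolve(viewer_id, me, selection, enforce_nested)

# Constructed request: own name plus another player's uploaded documents in one round trip.
NESTED = {"name": True, "referredBy": {"name": True, "documents": True}}

def run_demo():
    """Run the same nested request against the weak and the hardened resolver."""
    weak = query_me("p1", NESTED, enforce_nested=False)
    try:
        query_me("p1", NESTED, enforce_nested=True)
        hardened = "allowed"
    except Forbidden as exc:
        hardened = f"denied: {exc}"
    return weak, hardened

if __name__ == "__main__":
    print(run_demo())
```

Because the check lives in the loader rather than in the root field, any edge added later inherits it.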