Online Casinos in general: Hacker attack on Merkur Bets (Page 22)

Topic created on 14th Mar. 2025 | Page: 22 of 22 | Answers: 319 | Views: 25,214
frapi07
Elite
gamble1 wrote on 15.04.2025 at 16:12:

I received an overview from The Mill today of what data was affected. They write that as far as they know, no one except the white hat hacker had access to the data, but they can't guarantee that.

Yes, that's also the next problem. Of course you can't guarantee anything. But the stalls claim that no one else had access to it. They couldn't possibly know that. You can also find statements (or emails) here where they write false facts. I don't want to imply whether this is done deliberately, but it has already happened to some people here. Example: GGL would have discovered this security gap, the hacker did not want to misuse the data (although the misuse had already taken place).

I'm not an IT expert, but I'm interested in how the hacker did it. We read that a GraphQL of an API was the cause of this vulnerability. This GraphQL had inadequate authorization, which allowed the data to be retrieved. So it wasn't an infiltrated virus, a Trojan or a phishing email, no - it simply wasn't secured well enough.

Maybe I'm a noob, but I think that every computer scientist has worked with GraphQL or has already dealt with it. I've read that many companies use it, precisely because GraphQL is very efficient at querying data. I don't want to put my hand on the fire, but I think quite a few could have abused this loophole.

This post has been translated automatically
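A general illustration of what "inadequate authorization" on a GraphQL field means, added here as an example and not taken from the thread or from the affected operator's API: the same resolver without and with an object-level check. All names (`ACCOUNTS`, `account`, `canRead`, the `support` role) and the sample records are constructed assumptions.

```javascript
// Constructed sample data: hypothetical accounts, not from any real system.
const ACCOUNTS = new Map([
  ["1001", { id: "1001", owner: "alice", email: "alice@example.test" }],
  ["1002", { id: "1002", owner: "bob", email: "bob@example.test" }],
]);
const alice = { name: "alice", roles: ["player"] }; // constructed caller

// "Before": being logged in is treated as sufficient. The resolver returns
// whichever record the client names in the query argument.
const weakResolvers = {
  account: (_parent, args, ctx) => {
    if (!ctx.user) throw new Error("UNAUTHENTICATED");
    return ACCOUNTS.get(args.id) ?? null;
  },
};

// "After": the caller must own the record or hold an explicit role.
function canRead(user, account) {
  return user.roles.includes("support") || account.owner === user.name;
}

// Denied lookups are recorded; many denials from one caller across
// different ids is a signal worth alerting on.
const denied = [];

const hardenedResolvers = {
  account: (_parent, args, ctx) => {
    if (!ctx.user) throw new Error("UNAUTHENTICATED");
    const account = ACCOUNTS.get(args.id);
    // Same answer for "does not exist" and "not yours", so the response
    // does not reveal which ids are valid.
    if (!account || !canRead(ctx.user, account)) {
      denied.push({ user: ctx.user.name, id: args.id });
      return null;
    }
    return account;
  },
};

// Stand-in for a GraphQL executor: invoke one root field with a request context.
function runQuery(resolvers, field, args, user) {
  try {
    return { data: resolvers[field](null, args, { user }) };
  } catch (e) {
    return { data: null, error: e.message };
  }
}

console.log(runQuery(weakResolvers, "account", { id: "1002" }, alice));
```
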

Comingsoon19
Experienced
frapi07 wrote on April 15, 2025 at 6:00 pm:
Yes, that's the next problem too. Of course you can't guarantee anything. But the stalls claim that no one else had access to it. They couldn't possibly know that. You can also find statements (or emails) here where they write false facts. I don't want to imply whether this is done deliberately, but it has already happened to some people here. Example: GGL would have discovered this security gap, the hacker did not want to misuse the data (although the misuse had already taken place).

I'm not an IT expert, but I'm interested in how the hacker did it. We read that a GraphQL of an API was the cause of this vulnerability. This GraphQL had inadequate authorization, which allowed the data to be retrieved. So it wasn't an infiltrated virus, a Trojan or a phishing email, no - it simply wasn't secured well enough.

Maybe I'm a noob, but I think that every computer scientist has worked with GraphQL or has already dealt with it. I've read that many companies use it, precisely because GraphQL is very efficient at querying data. I don't want to put my hand on the fire, but I think quite a few could have abused this loophole.


Hello,

I come from the IT industry and yes, with expert knowledge, anyone could have done this. It was not a direct hack. The data was visible to anyone with some experience due to the gap in the interface. But it's really not easy to exploit this error.

And there really are these "hackers" who point this out positively without any ulterior motives or blackmail etc.


This post has been translated automatically

frapi07
Elite

Comingsoon19 wrote on April 16th, 2025 at 11:28 am:

Hello,

I come from the IT industry and yes, with expert knowledge, anyone could have done this. It was not a direct hack. The data was visible to anyone with some experience due to the gap in the interface. But it's really not easy to exploit this error.

And there really are these "hackers" who point this out positively without any ulterior motives or blackmail etc.



Thank you for the answer. I know that there are good and bad hackers.

I just wasn't 100% sure whether GraphQL can be used by just about any computer scientist, or whether advanced training or the like is required. I assume it's part of the basic knowledge (just because it's supposed to be very good). However, as I have neither trained nor studied in this field, I could only guess.

I wondered about this for one simple reason: you want to give the impression that this vulnerability is extremely difficult and that hardly anyone could discover it. But your answer told me that it's not what they want to make it look like.

This post has been translated automatically

Danny0815
Visitor
"CrazyBuzzer BECOMES SLOTMAGIE"
I don't know if there is a connection. Does anyone know if this has been planned for some time?
A merger like this usually involves cost savings.
The "war chest" needs to be filled.

Danny0815

This post has been translated automatically

frapi07
Elite

Danny0815 wrote on 16.04.2025 at 17:55: "CrazyBuzzer BECOMES SLOTMAGIE"
I don't know if there is a connection. Does anyone know if this has been planned for a while?
A merger like this usually results in cost savings.
The "war chest" needs to be filled.

frapi07

It was probably planned for some time. Could be a coincidence, but in 2023 the sponsor for the GJ Advent calendar was still Crazybuzzer. In 2024 it was then Slotmagie.

This post has been translated automatically

Hot Topics 16th Apr. 2025 at 07:51 pm CEST

© 2012-2025 GambleJoe.com