Privacy settings

We use a number of cookies on our website. Some are essential, while others help us improve our portal for you.

Privacy settings

Here is an overview of all the cookies we use. You can choose to accept whole categories or view more information and select only certain cookies.

Essential (6)

Essential cookies enable basic functions and are necessary for the website to function properly.

Statistics (3)

Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website.
If the statistics cookies are subsequently deselected, they will remain on the computer until the expiry date. However, they are neither updated nor evaluated.

Online Casinos in general: Hacker attack on Merkur Bets (Page 4)

Topic created on 14th Mar. 2025 | Page: 4 of 22 | Answers: 317 | Views: 25,069
Benno444
Visitor

Hacker attack on Merkur Bets

14th Mar. 2025, at 06:09 pm CET#46
0 Likes

Nobody has liked this post so far
What does that have to do with it? But it is very interesting. Thanks for the info.

This post has been translated automatically

Butterbrezel
Elite

Hacker attack on Merkur Bets

14th Mar. 2025, at 06:23 pm CET#47
0 Likes

Nobody has liked this post so far

AlphaFin wrote on 14.03.2025 at 17:51: I just noticed that the hacktivist Lilith Wittmann has confessed to this, I just read on her X, she will reveal more details about this in a moment... At least it doesn't seem to be anything malicious, I hope we take more care of our data after this anyway.

Awesome. If she's really using this as a warning, respect and a great achievement.


Since she has admitted it herself, the chances of the data from this hack being misused are extremely low.

This post has been translated automatically

Donnie
Elite

Hacker attack on Merkur Bets

14th Mar. 2025, at 06:30 pm CET#48
0 Likes

Nobody has liked this post so far

AlphaFin wrote on 14.03.2025 at 17:51: I just noticed that the hacktivist Lilith Wittmann has confessed to this, I just read on her X, she will reveal more details about this in a moment... At least it doesn't seem to be anything malicious, I hope we take more care of our data after this anyway.

And how are you supposed to look after your data if you have to verify yourself with casinos/bookmakers? It's up to them to protect it. Sure, you shouldn't register or play in some Curaçao crap shop, but there's nothing you can do about it anyway except create a new identity or use someone else's accounts

This post has been translated automatically

DieWunderharke5000
Expert

Hacker attack on Merkur Bets

14th Mar. 2025, at 07:25 pm CET#49
0 Likes

Nobody has liked this post so far

AlphaFin wrote on 14.03.2025 at 17:51: I just noticed that the hacktivist Lilith Wittmann has confessed to this, I just read on her X, she will reveal more details about this in a moment... After all, it doesn't seem to be anything malicious, I hope we take more care of our data after this anyway.

You can find the relevant article here:


https://lilithwittmann.medium.com/casinonutzer-der-merkur-gruppe-verlieren-nicht-nur-ihr-geld-sondern-auch-ihre-daten-ef6710184f7c


This post has been translated automatically

AlphaFin
Visitor

Hacker attack on Merkur Bets

14th Mar. 2025, at 07:46 pm CET#50
0 Likes

Nobody has liked this post so far
It is important to note that the data was freely accessible with (appropriate IT knowledge) and it is unclear whether other, unknown persons may have accessed it. It's a real shame and I'm sure that the licensed casinos concerned will not receive a fair punishment for their unlawful data protection compliance. As described in the article, data protection and Player protection are probably the lowest priority for them, the main thing is that the money comes in

This post has been translated automatically

Stromberg
Legend

Hacker attack on Merkur Bets

14th Mar. 2025, at 08:04 pm CET#51
0 Likes

Nobody has liked this post so far
DieWunderharke5000 wrote on March 14, 2025 at 7:25 pm:

Here is the relevant article:


https://lilithwittmann.medium.com/casinonutzer-der-merkur-gruppe-verlieren-nicht-nur-ihr-geld-sondern-auch-ihre-daten-ef6710184f7c



Sick! What bunglers! Or ignoramuses, even worse... 😡


"But since the data was de facto public and Merkur only closed the gaps when they were reported by me or the GGL, it is unclear whether anyone else found the data."

Does this mean that they were de facto publicly accessible during/after the hack? Or in general, because of the poor security?

Anyway, tomorrow I'll close the accounts there, hopefully they won't "accidentally" give me an Oasis ban for it... 😆

This post has been translated automatically

frapi07
Elite

Hacker attack on Merkur Bets

14th Mar. 2025, at 08:07 pm CET#52
2 Likes

Liked this post: Avatar von Danny0815 Danny0815, Avatar von Stromberg Stromberg
DieWunderharke5000 wrote on March 14, 2025 at 7:25 pm:

Here is the relevant article:


https://lilithwittmann.medium.com/casinonutzer-der-merkur-gruppe-verlieren-nicht-nur-ihr-geld-sondern-auch-ihre-daten-ef6710184f7c



Awesome woman. I read through her wiki:

"By her own account, Wittmann dropped out of school at the age of 16 and then completed vocational training..."

You can see how bad our school system is if you can't support and challenge people like that.

I think she didn't take advantage of it because she knows that this action can achieve a lot for her career.

She is well known. At least this wasn't the first time she's done something like this

Gap in CDU app: party embarrasses itself with complaint against IT expert



Stromberg wrote on 14.03.2025 at 20:04:
Sick! What bunglers! Or ignoramuses, even worse... 😡


"But since the data was de facto public and Merkur only closed the gaps when they were reported by me or the GGL, it is unclear whether anyone else found the data."

Does this mean that they were de facto publicly accessible during/after the hack? Or in general, because of the poor security?

Anyway, tomorrow I'll close the accounts there, hopefully they won't "accidentally" give me an Oasis ban for it... 😆

As I understand it, this data was always publicly accessible, even before she found out. She could therefore not rule out the possibility that someone else had known about and exploited this vulnerability before her.

This post has been translated automatically

Benno444
Visitor

Hacker attack on Merkur Bets

14th Mar. 2025, at 08:46 pm CET#53
0 Likes

Nobody has liked this post so far
There is now also a WIKI e-entry about the case. So the data was publicly accessible the whole time. She discovered this, informed the GGL and the gap was then closed. It is not known whether anyone discovered the gap before her. But I would assume that if the vulnerability had been discovered by an evil villain, he would have exploited it immediately or sold it as quickly as possible. After all, it is clear that this loophole will become worthless sooner or later. So if no damage has been done so far, nothing will happen to you in the future either.

Even if I no longer gamble, I will still send a letter to all these shops (deletion in accordance with Art. 17 GDPR) and never want to have anything to do with them again in this life! If they don't respond, I'll follow it up with a nice complaint to the data protection supervisory authority.

This post has been translated automatically

bigbig
Experienced

Hacker attack on Merkur Bets

14th Mar. 2025, at 09:11 pm CET#54
0 Likes

Nobody has liked this post so far
It's best if we all cancel our accounts, then Gauselmann goes bankrupt and the casino is closed.

This post has been translated automatically

GambleMike
Visitor

Hacker attack on Merkur Bets

14th Mar. 2025, at 09:13 pm CET#55
1 Like

Liked this post: Avatar von Danny0815 Danny0815

slotliebe89 wrote on 14.03.2025 at 17:06:

Interesting. Has anyone had any experience with Protectra in the past? Would you then have a claim against all 3 (Merkur Bets, SlotMagie and Crazy Buzzer) or do you just join a class action?

No, I am not familiar with Protectra so far.


Incidentally, GGL has issued a public warning to the companies behind it . The background to this are various breaches of the GlüStV. Among other things, the required pentests were apparently not carried out.

This post has been translated automatically

GambleMike
Visitor

Hacker attack on Merkur Bets

14th Mar. 2025, at 09:32 pm CET#56
0 Likes

Nobody has liked this post so far

Benno444 wrote on 14.03.2025 at 20:46: There is now also a WIKI entry about the case.


Do you have a link to the entry? I couldn't find it right away. Thank you

This post has been translated automatically

slotliebe89
Elite

Hacker attack on Merkur Bets

14th Mar. 2025, at 09:49 pm CET#57
0 Likes

Nobody has liked this post so far

Benno444 wrote on 14.03.2025 at 20:46: So if you haven't suffered any damage so far, nothing will happen to you in the future either.

I think that's a bold thesis.

This post has been translated automatically

btssultan
Experienced

Hacker attack on Merkur Bets

14th Mar. 2025, at 11:32 pm CET#58
0 Likes

Nobody has liked this post so far
The article is ingenious and will certainly be very expensive for the companies involved. And lawsuits are sure to follow.

https://lilithwittmann.medium.com/casinonutzer-der-merkur-gruppe-verlieren-nicht-nur-ihr-geld-sondern-auch-ihre-daten-ef6710184f7c

And at the same time shows once again how much platforms really earn with just a few players... so much about Player protection, as I have already told GGL enough about it...

This post has been translated automatically

btssultan
Experienced

Hacker attack on Merkur Bets

14th Mar. 2025, at 11:59 pm CET#59
1 Like

Liked this post: Avatar von Danny0815 Danny0815
And I think this excerpt is great: Initial evaluations suggest that providers (except lottery) generate between 70% and 90% of their turnover with less than 10% of players who regularly spend €250 or more per month on gambling.

This post has been translated automatically

gamble1
Icon

Hacker attack on Merkur Bets

15th Mar. 2025, at 07:11 am CET#60
0 Likes

Nobody has liked this post so far
Benno444 wrote on 14.03.2025 at 20:46: There is now also a WIKI e-entry about the case. So the data was publicly available the whole time. She discovered this, informed the GGL and the loophole was then closed. It is not known whether anyone discovered the gap before her. But I would assume that if the vulnerability had been discovered by an evil villain beforehand, he would have exploited it immediately or sold it as quickly as possible, etc.pp. After all, it is clear that this loophole will become worthless sooner or later. So if no damage has been done so far, nothing will happen to you in the future either.

Even if I no longer gamble, I will still send a letter to all these shops (deletion in accordance with Art. 17 GDPR) and never want to have anything to do with them again in this life! If they don't respond, I'll follow it up with a nice complaint to the data protection supervisory authority.


I also think that's a bit too easy to say. A lot of data that has been won is often sold in larger packages on the darknet. In addition, the possible uses for it are wide-ranging. It doesn't always have to be the awesome stuff like identity theft - there are also much more subtle methods of making money that the person affected sometimes doesn't even notice or associate with the data leak.

I wonder how such a large company can make such mistakes. I strongly suspect that they won't get away without compensation, as the assessment depends on how well the data was protected. You can also claim psychological distress.

This post has been translated automatically

Hot Topics16th Apr. 2025 at 02:01 pm CEST

Online Casinos
0
Miscellaneous
0
Miscellaneous
0

GambleJoe Team

Profile picture of JulianJulian online
Community-Manager / Complaint SpecialistProfile picture of CounterCounter
Software developerProfile picture of MatthiasMatthias
Project manager
Profile picture of DanielDaniel
Founder

Community Forum-Moderators

Members who assist the GJ team in moderating the forum.
Profile picture of AndreAndre
Profile picture of gamble1gamble1
Profile picture of Langhans_innenLanghans_innen
Profile picture of SaphiraSaphira
GambleJoe is aimed exclusively at user whose allowed to play legally with his current location in online casinos and does not violate the current law.
It is the responsibility of the user to inform himself about the current legal situation. Gambling is prohibited for children and adolescents under the age of 18.
GambleJoe is a registered trademark with the EUIPO of GJ International Ltd.
© 2012-2025 GambleJoe.com

Forgotten your password?

Create a new password here

  • 1. Fill in the 3 fields carefully and click on the green button
  • 2. Check your email inbox for a message from GambleJoe
  • 3. Click on the confirmation link in the email and your new password will be active immediately