In mid-March 2025, it was revealed that three German online casinos had exposed sensitive information of more than one million players to the public due to massive data protection vulnerabilities. In the wake of this, the question arises as to whether the German gambling supervisory authority should also take a closer look at the technical infrastructure of such platforms. In addition, the specialist press has reported (not without criticism) on a side effect that is probably quite pleasing for the authorities: Various illegal providers are said to have disappeared from the net following the hack.

The incident that shook up the gambling industry and its customers in mid-March 2025 was, in principle, a hack. However, the person responsible, Lilith Wittmann, did not really have to do much to access the sensitive data; there can hardly be any talk of a classic break-in into protected systems here. The software developer, IT security expert and activist made it clear in her exposé of the campaign that nothing more was needed than targeted queries via the GraphQL interface ("users", "sessions" and "paymentOptionsV2"). A login was not required, so the system was practically "completely publicly accessible". The security vulnerability lay with the IT service provider The Mill Adventure from Malta, which supplies the software for online casinos as a complete solution.
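The defensive lesson of the passage above is that every top-level field of an API such as "users", "sessions" or "paymentOptionsV2" needs its own authorization check, not just the login page in front of it. The following is an added example written for this article and not The Mill Adventure's code: a tiny GraphQL-style resolver layer in plain Node (no graphql package) with an unsafe resolver map beside a hardened one, plus a regression check that reports which fields still answer anonymous queries. The three field names come from the article; all records, tokens, roles and the guard helpers (`requireAuth`, `requireRole`, `unauthenticatedFields`) are constructed for illustration.

```javascript
// Added example (not The Mill Adventure's code): field-level authorization for
// GraphQL-style resolvers, shown as an unsafe and a hardened resolver map, plus
// a regression check that lists which fields answer unauthenticated queries.
// Pure Node, no graphql package. The field names "users", "sessions" and
// "paymentOptionsV2" come from the article; all records, tokens and roles are
// constructed sample data.

const DB = {
  users: [
    { id: 'u1', name: 'Sample Player One', address: 'Example Street 1', iban: 'DE00 0000 0000 0000 0000 00' },
    { id: 'u2', name: 'Sample Player Two', address: 'Example Street 2', iban: 'DE00 0000 0000 0000 0000 01' },
  ],
  sessions: [
    { id: 's1', userId: 'u1' },
    { id: 's2', userId: 'u2' },
  ],
  paymentOptionsV2: [
    { id: 'p1', userId: 'u1', type: 'bank', last4: '0000' },
    { id: 'p2', userId: 'u2', type: 'card', last4: '0001' },
  ],
};

// Bearer token -> authenticated principal (constructed; a real service would
// look these up in a session store).
const SESSION_TOKENS = new Map([
  ['tok-u1', { userId: 'u1', roles: ['player'] }],
  ['tok-support', { userId: 'u0', roles: ['support'] }],
]);

class AuthError extends Error {}

// Resolve the caller from the Authorization header; null when anonymous.
function authenticate(headers) {
  const m = /^Bearer (\S+)$/.exec(headers.authorization || '');
  return m ? SESSION_TOKENS.get(m[1]) || null : null;
}

// Guard: the wrapped resolver only runs for an authenticated caller.
const requireAuth = (resolver) => (args, ctx) => {
  if (!ctx.principal) throw new AuthError('authentication required');
  return resolver(args, ctx);
};

// Guard: the authenticated caller must additionally hold a role.
const requireRole = (role, resolver) => requireAuth((args, ctx) => {
  if (!ctx.principal.roles.includes(role)) throw new AuthError(`role '${role}' required`);
  return resolver(args, ctx);
});

// Unsafe: every top-level field is world-readable, the situation the article describes.
const unsafeResolvers = {
  users: () => DB.users,
  sessions: () => DB.sessions,
  paymentOptionsV2: () => DB.paymentOptionsV2,
};

// Hardened: cross-user listing needs a role; per-user fields are scoped to the caller.
const hardenedResolvers = {
  users: requireRole('support', () => DB.users),
  sessions: requireAuth((args, ctx) => DB.sessions.filter((s) => s.userId === ctx.principal.userId)),
  paymentOptionsV2: requireAuth((args, ctx) =>
    DB.paymentOptionsV2.filter((p) => p.userId === ctx.principal.userId)),
};

// Execute a set of top-level fields GraphQL-style: resolved fields go into
// `data`; a guard failure sets the field to null and records an error entry.
function execute(resolvers, fields, headers = {}) {
  const ctx = { principal: authenticate(headers) };
  const data = {};
  const errors = [];
  for (const field of fields) {
    const resolver = resolvers[field];
    if (!resolver) {
      errors.push({ field, message: 'unknown field' });
      continue;
    }
    try {
      data[field] = resolver({}, ctx);
    } catch (e) {
      if (!(e instanceof AuthError)) throw e;
      data[field] = null;
      errors.push({ field, message: e.message });
    }
  }
  return { data, errors };
}

// Regression check for a deployment pipeline: query every field anonymously
// and return the names of those that hand back data instead of an error.
function unauthenticatedFields(resolvers) {
  const { data } = execute(resolvers, Object.keys(resolvers), {});
  return Object.keys(data).filter((f) => data[f] !== null && data[f] !== undefined);
}

// Stand-alone demo: the unsafe map leaks all three fields, the hardened map none.
console.log('unsafe map, anonymous access to:', unauthenticatedFields(unsafeResolvers));
console.log('hardened map, anonymous access to:', unauthenticatedFields(hardenedResolvers));
console.log(JSON.stringify(execute(hardenedResolvers, ['users', 'sessions'], { authorization: 'Bearer tok-u1' })));
```

The point of `unauthenticatedFields` is that it turns "is anything readable without a login?" into a check that runs against the resolver map on every build, so a newly added field that forgets its guard fails the pipeline rather than being found by an outsider.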

As we reported in our article "News on the hacker attack at SlotMagie, CrazyBuzzer & Merkur Bets", masses of customer data such as names, addresses and account numbers, as well as photos from the video identification and risk ratings for gambling addiction, ended up in Wittmann's hands. Even payment receipts were included.

She communicated the technical vulnerability to the Joint Gambling Authority of the federal states (GGL), which led to public warnings. It was only at the beginning of February that we asked ourselves whether such disciplinary notifications, which are visible to everyone, are fair.

  • It was clear that this would not be the end of the matter. Lilith Wittmann should have less to worry about. Merkur AG, to which the platforms in question belong, and The Mill Adventures are more likely to be in the crosshairs of the press, politicians and law enforcement. However, there are also growing calls for GGL to focus more on the technical infrastructure of online casinos - in the interests of player protection.
  • Furthermore, the trade press sees a kind of "quiet tactics" on the part of the regulatory body. After the loophole became known, illegal online casinos have apparently also suddenly disappeared from the net. As Wittmann's account suggests, some of them may even have German operators. So far, the GGL has remained silent on the matter.

Should the GGL also control the gambling software?

The trade magazine Games & Business in particular directed its criticism at GGL following the hacker attack. In a detailed article on the subject, the magazine wondered whether the role of software providers such as The Mill Adventure in the security structure of online casinos is possibly underestimated. Should the gambling authority perhaps also have to examine the technical infrastructure more closely?

The Mill Adventure is a so-called white label provider - a company that supplies complete platform solutions for online gambling, which operators then brand themselves. This is practical and clever, but unfortunately also involves risks: Login processes, game connection, payment transactions and identity checks are bundled and run via one provider. This transfers responsibility for security-relevant processes to a third party.

For an experienced company like The Mill Adventure, it seems unlikely that this third party will not exercise the necessary care. Nevertheless, it has happened. And it happened to systems that are used to move millions every day.

It becomes all the more critical when you consider that many players do not even know that they are not logged in to the casino itself, but to a third-party provider. The operators or brands remain the public face - but others are at work in the engine room. In many cases, it remains completely unclear who is responsible.

The question of who is ultimately responsible leads into the legal gray area. Operator, technical service provider, supervisor? While the responsibilities become blurred in practice, the moral compass seems clear: anyone who deals with sensitive data and operates gambling platforms should also have full control.

► And this is where GGL comes in. The Games & Business article talks about growing calls for consequences. There should be "more transparency, mandatory security certificates for software providers, regular audits and a better overview of who is providing the technology in the background".

Illegal online casinos off the net, operators from Germany uncovered - but what is the GGL doing?

While the public was still discussing the massive security gaps at the regulated Merkur platforms, a completely different movement had long been underway in the background: according to Games & Business, a not inconsiderable number of illegal online casinos suddenly disappeared from the net. What at first glance appeared to be a routine update turned out on closer inspection to be a silent crackdown - apparently triggered by the same incident that shook up the licensed providers.

In her exposé, Lilith Wittmann describes The Mill Adventure as operating "one legal and one illegal instance of their casino software". Both systems apparently had the same security vulnerabilities.

Based on publicly available payment data, Wittmann was even able to draw concrete conclusions about the people who were presumably behind black market offers - including players based in Germany. With a certain ironic undertone, she greeted a casino manager from Augsburg by name - including a reference to his savings bank account. Another suspected operator on Lake Constance was also addressed directly.

Particularly piquant: Merkur AG, whose casinos were affected by the security vulnerabilities, maintains a close partnership with The Mill Adventure. In the past (especially after the publication of the Paradise Papers in 2017), the company has demonstratively distanced itself from illegal gambling.

Incidentally, there have already been two rather explosive revelations about gambling software providers and black market activities in the recent past:

  1. At the end of 2024, BR revealed links between the Berlin-based company SOFTSWISS and illegal online casinos.
  2. At the beginning of 2025, a data leak revealed structures of illegal online casinos in which the software company Delasport is said to play a key role.

In the midst of all this, one wonders what GGL is actually doing. Although the trade magazine Games & Business is cautious in its comments, criticism can be felt between the lines: Why were casinos shut down that never had a license in Germany? And why so suddenly? Did the software provider want to rule out further data scandals? Or did the GGL have a hand in it?

The fact is that by removing the pages, a significant part of the black market was eliminated in one fell swoop. Whether this was done under pressure from the authorities or as a self-protective measure by The Mill Adventure remains an open question. However, it is precisely this silence that makes the case so exciting.

According to Games & Business, some observers suspect that the GGL is deliberately holding back in order to "quietly" clean up the market. After all, if illegal providers disappear of their own free will, this saves complicated proceedings, lengthy investigations - and headlines. Well, the latter is not entirely true, of course.

Conclusion

The incident surrounding The Mill Adventure and the Merkur casinos has revealed how vulnerable even established online gaming platforms are - and how quickly convenience can become a real risk for millions of users. The fact that not only regulated providers were affected, but that part of the illegal market was apparently also cleared along the way, makes the matter even more explosive.

The Joint Gambling Authority of the federal states is now faced with a fundamental question: is it enough to issue licenses and issue public warnings for violations - or will more in-depth technical checks and clear guidelines for software providers in the background be required in future?

So far, the GGL has remained conspicuously quiet. But it is precisely this reticence that could prove problematic in the long term. Games & Business has already probed a little deeper - and there is a good chance that more questions will be raised on the matter.

Source of the image: https://pixabay.com/illustrations/development-icon-development-concept-3335977/

Central text sources: https://gamesundbusiness.de/zahlreiche-casino-websites-offline-gluecksspiel-software-bald-im-fokus-der-ggl, https://lilithwittmann.medium.com/casinonutzer-der-merkur-gruppe-verlieren-nicht-nur-ihr-geld-sondern-auch-ihre-daten-ef6710184f7c, https://igamingbusiness.com/tech-innovation/cybersecurity/merkur-player-data-breach-cyber-security-questions/

0 Comments to: Hacker attack on German online casinos with consequences for the focus of GGL?