Several German online casinos were recently affected by a hacker attack. It is alleged that sensitive customer data was temporarily accessible to third parties. The three online gambling providers, which are owned by Merkur AG, have already informed their players of the incidents by email. But what is the best way for those affected to react and who is behind this?

At the end of December 2020, we reported on GambleJoe that cyber attacks on online gaming companies are on the rise. It appears that the IT system of a Merkur AG service provider has recently been the target of such a cyberattack. The online casinos SlotMagie, CrazyBuzzer and Merkur Bets are probably affected. Incorrectly programmed interfaces on the online platforms are said to have made it possible for sensitive data to be viewed by third parties. However, the security gap has since been closed, meaning that there is no longer any acute danger.

The current discussion about the hacker attack at Merkur Bets, SlotMagie and CrazyBuzzer can also be followed here in our forum:

GambleJoe Forum: Hacker attack on online casinos

What personal data was accessible to the hackers?

The online casinos informed their users about the incident last Friday. In addition to customer data such as name, address and account details, photos from the video identification and risk ratings for gambling addiction were also affected. Just a few weeks ago, we at GambleJoe reported on how casino verification works in German online casinos. It is particularly interesting to note that photos of the video identification are affected by the hacker attack. Many players will probably not even have been aware that these are stored by the online casino and are not deleted after verification.

Players' passwords are not believed to have been affected by the hacker attack. These are still secure, so in principle no change to passwords is necessary. Nevertheless, it is of course recommended to change passwords at regular intervals in order to achieve the highest possible security standard.

The online gambling providers currently assume that there was no specific intention to pass on the sensitive data or to misuse it for criminal acts. Instead, the attack is said to have been aimed primarily at the gambling providers and not at the customers.

For example, the circular email sent by SlotMagie on March 13, 2025 states:

"As far as is currently known, the attack was primarily directed against our company and not specifically against individual customers. There are no indications that the data viewed was or is being misused for fraudulent purposes. In addition, the report was made to us via the Joint Gaming Authority of the federal states (GGL) and not via the hackers themselves. Nevertheless, we are monitoring the situation very closely and are in close contact with our IT security experts and the relevant authorities."

The attack is said to have been made possible by the fact that personal data such as name, player ID and payment details could simply be requested via the GraphQL interface of the respective backend.
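The following example is added here and is not code from the affected platforms. The article gives no technical detail beyond the sentence above, so the example assumes the flaw was a GraphQL resolver that returned player records without checking who was asking. All names, fields, roles and data are hypothetical. It places such a resolver beside one with an object-level check, plus a regression check that detects cross-account access.

```javascript
// Constructed sample data; field names and roles are hypothetical.
const PLAYERS = new Map([
  ["p-1001", { id: "p-1001", name: "Player One", iban: "DE00-CONSTRUCTED-0001" }],
  ["p-1002", { id: "p-1002", name: "Player Two", iban: "DE00-CONSTRUCTED-0002" }],
]);

// Resolvers follow the usual GraphQL (parent, args, context) signature.
// Flawed: returns whatever id the client asks for and never looks at the caller.
function playerUnchecked(_parent, args, _context) {
  return PLAYERS.get(args.id) ?? null;
}

// Hardened: deny by default, then an object-level ownership check.
function playerChecked(_parent, args, context) {
  const session = context?.session;
  if (!session) throw new Error("UNAUTHENTICATED");
  const isOwner = session.playerId === args.id;
  const isSupport = (session.roles ?? []).includes("support");
  if (!isOwner && !isSupport) throw new Error("FORBIDDEN");
  const record = PLAYERS.get(args.id);
  if (!record) return null;
  // Field-level rule: only the owner sees the full IBAN.
  return isOwner ? record : { ...record, iban: "****" + record.iban.slice(-4) };
}

// Minimal stand-in for a GraphQL executor: a resolver error becomes an
// "errors" entry and the data is nulled, as in a GraphQL response.
function execute(resolver, id, session) {
  try {
    return { data: resolver(null, { id }, { session }), errors: [] };
  } catch (err) {
    return { data: null, errors: [err.message] };
  }
}

// Regression check: every caller (including an anonymous one) requests every
// record; any foreign record that comes back is an access-control failure.
function crossAccountLeaks(resolver) {
  const leaks = [];
  const callers = [null, ...[...PLAYERS.keys()].map((playerId) => ({ playerId, roles: [] }))];
  for (const session of callers) {
    for (const id of PLAYERS.keys()) {
      if (session?.playerId === id) continue; // own record is allowed
      if (execute(resolver, id, session).data) leaks.push([session?.playerId ?? "anonymous", id]);
    }
  }
  return leaks;
}
```

Run in CI against every resolver that returns personal data, a check like `crossAccountLeaks` should return an empty list.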

Who is behind the hacker attack on Merkur AG?

Activist Lilith Wittmann has since claimed responsibility for the hacker attack. According to her own statements, Wittmann was also the person who informed the Joint Gaming Authority of the federal states (GGL) about the attack so that it could take supervisory measures and secure evidence. In her blog, Wittmann wrote that she now had a dataset of over 200 GB containing the personal data of thousands of players from the affected online casinos.

It is interesting to note that the activist has already analyzed some of the user data obtained and intends to make it available for research. According to this analysis, less than 10 % of players generate between 70 and 90 % of an online casino's turnover. In addition, Wittmann claims that over 70,000 ID photos, selfies and address confirmations were publicly accessible due to an error in the integration of the KYC provider SumSub.

The entire article, entitled "Casino users of the Merkur Group not only lose their money, but also their data", can be accessed online at Medium.

In the meantime, GGL has issued a public warning to the company responsible, The Mill Adventure Limited:

"The violation of ancillary provision 19 d) of the operator's license for virtual machine games pursuant to Sections 4 to 4d in conjunction with Section 22a GlüStV 2021 for The Mill Adventures Limited of 28 July 2022 against the OWASP measures taken and breach of ancillary provision 20 of the operator license for virtual machine games pursuant to Sections 4 to 4d in conjunction with Section 22a GlüStV 2021 for The Mill Adventures Limited of July 28, 2022 against the obligation to have an annual pentest carried out, which leads to the lack of security of player data on the domain www.slotmagie.de. The data includes player master data (player ID, nickname, gender, time of LUGAS registration, time of last login, etc.), payment statistics, limit histories and also payment profiles and thus name, address, bank, IBAN, etc."

It was only in February of this year that we asked ourselves whether it was fair for GGL to publicly pillory providers.

Do players now have to take action themselves?

The gambling providers recommend being and remaining vigilant in general. In principle, however, players do not need to take any action at the moment. The risk of phishing attacks and identity theft is defined as "low". The responsible data protection authorities have of course been informed of the incidents in accordance with the regulations. As the activist has since claimed responsibility for the hacker attack, it is unlikely that players will have to worry about their data.
