I received an overview from The Mill today of what data was affected. They write that as far as they know, no one except the white hat hacker had access to the data, but they can't guarantee that.
Yes, that's also the next problem. Of course you can't guarantee anything. But these outfits claim that no one else had access to it. They couldn't possibly know that. You can also find statements (or emails) here where they write false facts. I don't want to imply whether this is done deliberately, but it has already happened to some people here. Example: that the GGL had discovered this security gap, that the hacker didn't want to misuse the data (although the misuse had already taken place).
I'm not an IT expert, but I'm interested in how the hacker did it. We read that a GraphQL API was the cause of this vulnerability. This GraphQL API had inadequate authorization, which allowed the data to be retrieved. So it wasn't an infiltrated virus, a Trojan or a phishing email, no - it simply wasn't secured well enough.
Maybe I'm a noob, but I think that every computer scientist has worked with GraphQL or has already dealt with it. I've read that many companies use it, precisely because GraphQL is very efficient at querying data. I wouldn't swear to it, but I think quite a few could have abused this loophole.
frapi07 wrote on April 15, 2025 at 6:00 pm:
Yes, that's the next problem too. Of course you can't guarantee anything. But these outfits claim that no one else had access to it. They couldn't possibly know that. You can also find statements (or emails) here where they write false facts. I don't want to imply whether this is done deliberately, but it has already happened to some people here. Example: that the GGL had discovered this security gap, that the hacker didn't want to misuse the data (although the misuse had already taken place).
I'm not an IT expert, but I'm interested in how the hacker did it. We read that a GraphQL API was the cause of this vulnerability. This GraphQL API had inadequate authorization, which allowed the data to be retrieved. So it wasn't an infiltrated virus, a Trojan or a phishing email, no - it simply wasn't secured well enough.
Maybe I'm a noob, but I think that every computer scientist has worked with GraphQL or has already dealt with it. I've read that many companies use it, precisely because GraphQL is very efficient at querying data. I wouldn't swear to it, but I think quite a few could have abused this loophole.
Hello,
I come from the IT industry and yes, with expert knowledge, anyone could have done this. It was not a direct hack. The data was visible to anyone with some experience due to the gap in the interface. But it's really not easy to exploit this error.
And there really are these "hackers" who point this out positively without any ulterior motives or blackmail etc.
Comingsoon19 wrote on April 16th, 2025 at 11:28 am:
Hello,
I come from the IT industry and yes, with expert knowledge, anyone could have done this. It was not a direct hack. The data was visible to anyone with some experience due to the gap in the interface. But it's really not easy to exploit this error.
And there really are these "hackers" who point this out positively without any ulterior motives or blackmail etc.
Thank you for the answer. I know that there are good and bad hackers.
I just wasn't 100% sure whether GraphQL can be used by just about any computer scientist, or whether advanced training or the like is required. I assume it's part of the basic knowledge (if only because it's supposed to be very good). However, as I have neither trained nor studied in this field, I could only guess.
I wondered about this for one simple reason: they want to give the impression that this vulnerability is extremely difficult and that hardly anyone could discover it. But your answer told me that it's not what they want to make it look like.
"CrazyBuzzer BECOMES SLOTMAGIE"
I don't know if there is a connection. Does anyone know if this has been planned for some time?
A merger like this usually involves cost savings.
The "war chest" needs to be filled.
Danny0815 wrote on 16.04.2025 at 17:55: "CrazyBuzzer BECOMES SLOTMAGIE"
I don't know if there is a connection. Does anyone know if this has been planned for a while?
A merger like this usually results in cost savings.
The "war chest" needs to be filled.
It was probably planned for some time. Could be a coincidence, but in 2023 the sponsor for the GJ Advent calendar was still Crazybuzzer. In 2024 it was then Slotmagie.
Thank you for contacting us. We have reviewed your request and can provide you with the following information.
Despite extensive security measures, our IT system was the target of a cyber attack by a so-called white-hat hacker. White-hat hackers act without intent to cause harm and regularly report security vulnerabilities in systems in order to improve the security of IT systems. The official and internal investigation of security vulnerabilities revealed that incorrectly configured interfaces on our website made it possible for a registered customer to theoretically view the data of other customers. However, the data was not readily accessible, but required a particularly high level of specialist knowledge and the circumvention of various security measures. As far as we are currently aware, no other unauthorized third parties apart from the white-hat hacker were able to access the data. The white-hat hacker has not expressed any intention to pass on or misuse the information obtained.
Actions on the Internet are associated with certain risks and cyber security is a continuous process that is subject to ongoing adjustments. Just because the security configurations on a company's website need to be adjusted does not mean that this is due to misconduct on the part of the company or that the company has violated laws or regulations. Nor does such liability arise from the General Data Protection Regulation (GDPR). Furthermore, to the best of our knowledge, no material damage has been caused to our customers, as we have not detected any misuse by or disclosure of data to unauthorized third parties.
Against this background, we therefore do not see ourselves in a position to comply with any request for payment of damages. In cooperation with the supervisory authority responsible for us, which drew our attention to the improvement of the security loopholes, we immediately adjusted them. Against this background, we see no basis for complying with your request.
We will contact you separately with regard to your request for information within the meaning of Art. 15 GDPR.
We hope that your request has been answered comprehensively and to your satisfaction.
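The authorization gap this thread describes (a GraphQL API that let a registered customer query other customers' data) comes down to a resolver that checks login but not ownership. The following is an added illustration, not The Mill's code or the actual vulnerability: the schema, field names, roles and customer records are constructed, and the resolvers follow the graphql-js `(parent, args, context)` calling convention without depending on the library.

```javascript
// Added illustration of a missing object-level authorization check in a
// GraphQL resolver. Not The Mill's code; records and field names are constructed.

// Constructed customer records standing in for a database table.
const CUSTOMERS = {
  101: { id: 101, email: 'alice@example.invalid', iban: 'DE00 CONSTRUCTED 101' },
  102: { id: 102, email: 'bob@example.invalid',   iban: 'DE00 CONSTRUCTED 102' },
};

// Vulnerable: the resolver verifies that *some* customer is logged in, then
// trusts the `id` argument and returns whatever record it names. Any
// registered customer can therefore read other customers' data.
const vulnerableResolvers = {
  Query: {
    customer(_parent, args, context) {
      if (!context.user) throw new Error('unauthenticated');
      return CUSTOMERS[args.id] || null;
    },
  },
};

// Hardened: object-level authorization. The record is returned only when the
// caller owns it or holds a (constructed) support role. Denied and missing
// ids both resolve to null, so the response does not reveal which ids exist,
// and each denial is written to an audit trail for detection.
const hardenedResolvers = {
  Query: {
    customer(_parent, args, context) {
      if (!context.user) throw new Error('unauthenticated');
      const record = CUSTOMERS[args.id] || null;
      const isOwner = record !== null && record.id === context.user.id;
      const isSupport = context.user.roles.includes('support');
      if (record === null || !(isOwner || isSupport)) {
        context.audit.push(`denied customer(${args.id}) for user ${context.user.id}`);
        return null;
      }
      return record;
    },
  },
};

// Run `query { customer(id: <targetId>) }` against a resolver set as the
// session of customer <sessionUserId>; returns the result and audit entries.
function queryCustomer(resolvers, sessionUserId, targetId, roles = []) {
  const context = { user: { id: sessionUserId, roles }, audit: [] };
  const result = resolvers.Query.customer(null, { id: targetId }, context);
  return { result, audit: context.audit };
}
```

With the vulnerable resolver, customer 101 asking for id 102 receives Bob's record; with the hardened one the same request yields null plus an audit entry, while 101 asking for 101 (or a support user asking for anyone) still succeeds.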
I noticed the following sentence in the latest GambleJoe news:
SlotMagie is an online casino that has been operated by Solis Ortus Service Ltd. since April 24, 2025. Until then, SlotMagie was operated by The Mill Adventure Ltd.
Why the change now? Is it perhaps due to the pending lawsuits against The Mill? So that you can somehow talk your way out of the company no longer existing? Is there any information?
DieWunderharke5000 wrote on 24.04.2025 at 10:16 am: I noticed the following sentence in the latest GambleJoe news:
Why the change now? Is this perhaps related to the pending lawsuits against The Mill? So that you can somehow talk your way out of the company no longer existing? Is there any information?
I can't tell you why they changed operators. Maybe nobody here can tell you 100%.
But you don't need to worry. It's not that easy to fend off a lawsuit. Otherwise it would be too easy: violate the law, dissolve or sell the company and then go back to sleep in peace.
DieWunderharke5000 wrote on 24.04.2025 at 10:16 am: I noticed the following sentence in the latest GambleJoe news:
Why the change now? Is this perhaps related to the pending lawsuits against The Mill? So that you can somehow talk your way out of the company no longer existing? Is there any information?
Hard to say.
All 3 hacked casinos, to which CrazyBuzzer also belongs, seem to have been hacked via the vulnerability at The Mill Adventure.
Whereby SlotMagie was also operated by The Mill A., while CrazyBuzzer is operated by Solis Ortus and used the software solution from The Mill Adventure?
So The Mill Adventure provides the software solution as a white label and also operates a casino itself with SlotMagie?
Well, in any case, the hacker also writes in her article that she has also found people who operate illegal casinos via The Mill, whatever exactly is meant (presumably illegal in DE). Apparently, 12 sites of The Mill were then also taken offline. You can find it on X under Lilith Wittmann.
Maybe that's why the Merkur Group no longer wants to offer under the operator or something like that...
Maybe they realized a long time ago that it's not profitable to operate so many brands with their own structures on the German market and the whole thing has nothing to do with that... 🤷
I can't tell you why they changed operators. Probably no one here can tell you 100%.
But you don't need to worry. It's not that easy to fend off a lawsuit. Otherwise it would be too easy: just violate the law, dissolve or sell the company and then go back to sleep in peace.
In Germany, this is possible because the current shareholder/owner is liable. As far as I know, you can avoid almost all problems with a change of shareholder and a properly written purchase agreement (requires various clauses to exploit legal loopholes).
The answer came today
Something from The Mill: 2 mails.
Saying, of course, the same stuff as before.
If only they would at least admit the mistake.
Well, let's wait and see.
What creative powers in our individual (boah) world.
Dog eats dog (sometimes also cats, or bitches).