At the beginning of this year, a security breach exposed the sensitive information of over 800,000 players on the Merkur platforms in Germany. Cybersecurity researcher Lilith Wittmann identified the issue and revealed details about the vulnerability in an article published on 14 March. The flaw was in the API of The Mill Adventure, the company responsible for operating the online casinos Slotmagie, Crazybuzzer, and Merkurbets.
The breach allowed virtually anyone to access information stored in The Mill Adventure’s system without proper authentication. The compromised data included:
This type of exposure poses a massive risk to players, as personal data can be used for financial fraud, identity theft, and other digital scams. It also undermines the platform’s credibility and raises concerns about its security practices.
The Mill Adventure stated that the vulnerability was fixed by 17 March. Still, the incident caused concern among both affected players and regulatory authorities.
The data leak did not go unnoticed by the Gemeinsame Glücksspielbehörde der Länder (GGL), Germany’s gambling regulator. Additionally, The Mill Adventure faced accusations of providing services to offshore operators that hold no licence in the country.
The presence of unlicensed gaming companies in Germany is a serious problem, as they do not comply with government-imposed regulations. To prevent this, the GGL, which oversees the country’s betting sector, has increased its investigations and penalties against platforms working with these illegal operators.
After the case was uncovered, The Mill Adventure took a drastic step: it removed more than ten of these operators from its platform without providing detailed explanations. This raised questions about the company’s transparency and about the extent to which it is responsible for the activities of the clients using its services.
The leakage of online gambling players’ data is not an isolated issue. With the increasing digitalisation of the iGaming sector, cyberattacks and security breaches are becoming more common. Such cases demand that companies in the industry continuously invest in digital security practices to prevent financial losses, reputational damage, and harm to their players.
Beyond regulatory laws, incidents like this can lead to lawsuits, hefty fines, and even the loss of operating licences. Therefore, it is essential for online betting and gaming platforms to adopt preventive measures, such as:
The Mill Adventure case serves as a reminder of the importance of these practices in ensuring a safe environment for players and compliance with industry regulations.
Cybersecurity researcher Lilith Wittmann has a history of investigations exposing vulnerabilities in digital systems. A member of the Chaos Computer Club, one of Europe’s largest hacker groups, she has previously uncovered flaws in political party applications and government platforms. Her work follows the principle of “responsible disclosure,” informing affected companies before making the information public.
In The Mill Adventure case, her research was crucial in alerting the community to the risks of the data leak and pressuring the company to take corrective measures.
The incident serves as a warning to players about the risks of sharing personal data on online platforms. It is essential for users to choose licensed operators, enable additional authentication whenever possible, and stay alert to potential fraud. Only with a proactive approach from companies, regulators, and players can the iGaming environment become safer for everyone.