【Winamax vip】-Ethical hacker claims unregulated casinos taken offline in Germany

The move has reportedly led to over a dozen illegal casino sites going offline.

The revelation comes from ethical hacker Lilith Wittmann, who earlier this month alleged that a security incident at Merkur, one of Germany’s largest gambling companies, may have affected up to 800,000 players.

According to Wittmann, the issue stemmed from an improperly secured GraphQL interface, which, due to a lack of proper authorisation controls, may have allowed unauthorised access to sensitive data.

Merkur Group’s affected platforms reportedly utilise portal software from The Mill Adventure, a company based in Malta.

Wittmann had previously suggested that The Mill Adventure’s software contained security flaws.

She also claimed that some online casinos operating with this software were not on the whitelist of Germany’s gambling regulator, the GGL.

‘I’ve gotten very close to the casino operators’

On Friday (21 March), Wittmann wrote on LinkedInthat, as a result of her research into legal and illegal online casinos, The Mill Adventure has “pulled the plug” and ceased providing its software to unregulated operators.

“Now, over a dozen illegal casinos in Germany are offline,” Wittmann wrote.

Wittmann emphasised the impact of investigative efforts against unregulated online casinos, pointing out that cases involving both legal and illegal gambling enterprises are not difficult to uncover.

She further argued that targeting software providers can be a more effective enforcement method than traditional government-mandated IP blocking, which often proves ineffective.

“I’ve gotten very close to the casino operators—so close that they are now scrambling to cover their tracks,” Wittmann stated, indicating that her research had put pressure on those involved in unauthorised gambling operations.

The Mill Adventure responds

Contacted by NEXT.io, a spokesperson for The Mill Adventure clarified that while its Cypriot subsidiary, The Mill Software Ltd, provides gaming software as a service, it does not control how its software is used by third-party casino operators.

“The Mill Software Ltd provides software only and has no control over the offerings, content, or activities of the website operators who use its services,” the spokesperson said.

“The responsibility for the operation of these websites lies solely with their respective operators.

“Consequently, neither we nor The Mill Software Ltd are in a position to comment on the actions or activities of these website operators,” the spokesperson added.

Germany’s gambling regulator, the GGL, had issued a formal warning to The Mill Adventure on 14 March over the security breach, however, the regulator also stated that the issue had been resolved by 17 March.

Following the initial allegations, The Mill Adventure sent NEXT.ioa statement addressing security concerns:

“This was an unprecedented event for our systems, and we took immediate action to address the issue.

“Thanks to our team’s swift response and collaboration with top cybersecurity experts, we are further hardening our defences to ensure even greater protection for the players.

“Moving forward, we remain fully committed to maintaining the highest security standards so that all player data stays safe and private, as it should,” the company said.

Meanwhile, Merkur had told NEXT.iothat it believes Wittmann is not a “data thief,” but a so-called “ethical hacker” who is concerned with uncovering security vulnerabilities rather than using the data she has obtained without authorisation.

Wittmann indicated that her report was just the first in a series of investigations into the online gambling industry.