The Business & Technology Network
Helping Business Interpret and Use Technology
Home
Newswire > German gambling firm Merkur hit with major cyberattack
German gambling firm Merkur hit with major cyberattack
«  

March

  »
S M T W T F S
 
 
 
 
 
 
1
 
2
 
3
 
4
 
5
 
6
 
7
 
8
 
9
 
10
 
11
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
26
 
27
 
28
 
29
 
30
 
31
 
 
 
 
 
 

German gambling firm Merkur hit with major cyberattack

Tags: web
DATE POSTED:March 18, 2025
ReadWriteWeb
Original article
Merkur Gaming logo with blurred background of computers with code on

Merkur, a major player in Germany’s gambling and iGaming scene, has experienced a major security breach. The incident has resulted in a reported 800,000 users affected by the hack.

Use data was exposed by an unprotected API. Essentially, the frameworks of what make up Merkur’s games weren’t set up properly. This left data like full names and other account details left exposed to the open web.

In a blog, security expert Lilith Wittmann took a further look at the breach. According to Wittmann, sites affected include MerkurBets.de, crazybuzzer.de, and slotmagie.de. What she points out is that “The following data, among others, can be easily retrieved via the casino backend’s GraphQL interface.”

GraphQL is a tool to use alongside SQL. SQL itself manages a large portion of data for a vast amount of companies. GraphQL allows users to ping a database to acquire that information.

The damage done by the lack of security doesn’t come into view until Wittmann breaks it down by what has been retrieved. Wittmann states that by using GraphQL they were able to obtain the following information:

  • TRUSTLY (104,291) — IBANs, account holders, and some addresses
  • PAYPAL (120,900) — Email addresses, and some addresses
  • PAYLADO (1,971) — Account holders, telephone number
  • PAYSAFECARD (26,536) — Name, date of birth, and some addresses
  • ADYEN (128,965) — Name, IBAN, and some addresses, and credit card details
  • PAYMENT_IQ (31,487) — Name, IBAN/credit card details, and some addresses
  • SKRILL (912) — Email Game sessions with all moves, as well as IP addresses and browser/user agent details.

Merkur did warn its users on Thursday that there was a breach. However, it doesn’t appear to be entirely Merkur’s fault. A Malta company, The Mill Adventure, is what provides the software. Some websites using the software aren’t on the allowed list for the German Gambling Laws.

On its website, Merkur said, “Despite extensive security measures, the IT system of one of our service providers was the target of a cyberattack.

“The official and internal investigation of security vulnerabilities revealed that incorrectly configured interfaces on the merkurbets.de website made it possible for a registered customer to view other customers’ data.

“However, to the best of our knowledge, these activists have no intention of sharing or misusing the information obtained.”

The post German gambling firm Merkur hit with major cyberattack appeared first on ReadWrite.

ReadWriteWeb
Original article
Tags: web
Newswire > German gambling firm Merkur hit with major cyberattack

All Rights Reserved. Copyright , Central Coast Communications, Inc.