A Maltese casino software company is not doing a particularly great job of protecting the sensitive information of customers, according to an IT security expert.
Lilith Wittmann explained in a blog post that she was able to access the “treasure trove of data” as a result of weak protections by The Mill Adventure, a company based in St Julian’s Malta. Wittmann is a member of the Chaos Computer Club, an association for hackers based in Europe.
weak protections were found in Slotmagie.de, Crazybuzzer.de, and Merkurbets.de
According to Wittmann, weak protections were found in Slotmagie.de, Crazybuzzer.de, and Merkurbets.de, which are all online casino companies operated by subsidiaries of German company Merkur. She was able to access player names, email addresses, credit card details, postal addresses, and casino IDs.
In addition, the hacking expert said she accessed more than 70,000 ID photos, selfies, and proofs of address. “Almost all of the data stored in their casino systems [is] publicly accessibly,” she said, referring to Merkur.
Wittmann notified the German Gambling Authority and has confirmed that the vulnerability has now been fixed. However, it is unclear if anyone accessed the data beforehand. The Mill Adventure told local media that it was “an unprecedented event” that resulted in “immediate action to address the issue.”